Remote Code Execution Vulnerability in pam_usb by mcdope
CVE-2026-44712

8.2 HIGH

Key Information:

Vendor

Mcdope

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-44712?

pam_usb, a tool for hardware authentication on Linux systems via USB devices, has a vulnerability that allows remote code execution. When pam_usb is configured with a carefully crafted UUID, an attacker can exploit the flaw by invoking the pamusb-conf utility with specific options. Exploitation occurs while a device is being added and can lead to unauthorized access and system compromise. Versions prior to 0.8.7 are affected: they do not adequately handle user-provided input, which allows an attacker to execute arbitrary commands via the os.system() call in pamusb-agent.
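The bug class described above, as an added example that is not pam_usb's own code: a UUID formatted into a shell string is re-parsed by the shell, while an allowlisted UUID passed as an argument vector is not. The helper name, the accepted UUID forms and the sample input are assumptions made for illustration.

```python
import re
import shlex

# Assumed UUID forms for removable media: RFC 4122 style (ext4, xfs),
# FAT "XXXX-XXXX", and NTFS 16 hex digits.
_UUID_FORMS = re.compile(
    r"(?:[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}"
    r"|[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"
    r"|[0-9A-Fa-f]{16})"
)

# Constructed sample: a UUID field carrying a shell command separator.
CONSTRUCTED_BAD_UUID = "1234-ABCD; echo injected"


def is_safe_uuid(value):
    """Allowlist check: the whole string must match a known UUID form."""
    return isinstance(value, str) and _UUID_FORMS.fullmatch(value) is not None


def unsafe_command(uuid):
    """Pattern behind the bug class: untrusted text formatted into a shell string."""
    return "helper --uuid %s" % uuid  # "helper" is a hypothetical program name


def shell_words(command_line):
    """Tokenise like a POSIX shell, keeping operators such as ';' as separate tokens."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def safe_argv(uuid):
    """Hardened form: validate first, then build an argument vector (no shell)."""
    if not is_safe_uuid(uuid):
        raise ValueError("rejected UUID: %r" % uuid)
    # Intended for subprocess.run(argv, shell=False); the UUID stays one argument.
    return ["helper", "--uuid", uuid]


if __name__ == "__main__":
    # The shell string splits at ';', so the tail would run as a second command.
    print(shell_words(unsafe_command(CONSTRUCTED_BAD_UUID)))
    try:
        safe_argv(CONSTRUCTED_BAD_UUID)
    except ValueError as exc:
        print(exc)
    print(safe_argv("1234-ABCD"))
```

The same allowlist can be run over UUID values already stored in a pam_usb configuration to flag entries that contain shell metacharacters.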

Affected Version(s)

pam_usb < 0.8.7

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
