Shell Injection in pam_usb Hardware Authentication for Linux
CVE-2026-44713

8.8 HIGH

Key Information:

Vendor

Mcdope

Status
Vendor
CVE Published:
27 May 2026

What is CVE-2026-44713?

In pam_usb, a hardware authentication system for Linux, a vulnerability exists prior to version 0.8.7 that allows shell command injection. Specifically, in the src/tmux.c file, the user's $TMUX environment variable is read and improperly handled: its socket-path component is interpolated directly into a shell command string without sufficient sanitization, so arbitrary shell syntax can be injected if the variable contains a double quote. The risk is significant because the popen() call runs with root privileges inside the PAM stack, which could lead to unauthorized access to and control over the system.
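As an added illustration of the defensive check the description implies (hypothetical code written for this page, not pam_usb's own source and not the project's fix), the C snippet below extracts the socket path from a $TMUX value and applies an allow-list before a privileged component would use it. It assumes tmux's documented TMUX format of socket path, server PID and session index separated by commas.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the socket-path component of a TMUX environment value into out.
 * Assumption: tmux sets TMUX to "<socket path>,<server pid>,<session>",
 * so the path is everything before the first comma.
 * Returns 0 on success, -1 if the value is missing, empty or too long. */
int tmux_socket_path(const char *tmux_env, char *out, size_t outlen)
{
    if (tmux_env == NULL || outlen == 0)
        return -1;
    const char *comma = strchr(tmux_env, ',');
    size_t len = comma ? (size_t)(comma - tmux_env) : strlen(tmux_env);
    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, tmux_env, len);
    out[len] = '\0';
    return 0;
}

/* Allow-list check for a socket path a privileged process intends to use:
 * it must be absolute, contain no ".." component, and consist only of
 * characters that carry no meaning to a shell. Any other byte, a double
 * quote included, rejects the whole value instead of being escaped. */
int socket_path_is_safe(const char *path)
{
    if (path == NULL || path[0] != '/')
        return 0;
    for (const unsigned char *p = (const unsigned char *)path; *p; p++) {
        if (isalnum(*p) || *p == '/' || *p == '.' || *p == '_' || *p == '-')
            continue;
        return 0;
    }
    return strstr(path, "..") == NULL;
}

/* Stand-alone check of the current process's own $TMUX value. */
int main(void)
{
    char path[256];
    if (tmux_socket_path(getenv("TMUX"), path, sizeof path) != 0) {
        puts("TMUX not set or unusable");
        return 1;
    }
    printf("%s: %s\n", path, socket_path_is_safe(path) ? "accepted" : "rejected");
    return 0;
}
```

Validation narrows the input, but the safer pattern for a root-privileged PAM module is to avoid popen() entirely and pass the path as its own argv element via fork()/execv(), so no shell ever parses it.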

Affected Version(s)

pam_usb < 0.8.7

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved