pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation...

6.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM authentication or tool execution could substitute malicious binaries. The affected tools are pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome). This vulnerability is fixed in 0.9.0.

Basic Information

ID CVE-2026-47274

Source GitHub_M

Published May 27, 2026 at 20:02

Affected Product

Vendor mcdope

Product pam_usb

Version < 0.9.0

Affected Versions mcdope pam_usb < 0.9.0

CWE Classification

CWE-427

References

{
    "lastseen": "",
    "description": "pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM authentication or tool execution could substitute malicious binaries. The affected tools are pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome). This vulnerability is fixed in 0.9.0.",
    "published": "2026-05-27T20:02:38.484Z",
    "modified": "2026-05-27T20:02:38.484Z",
    "type": "cve",
    "title": "pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation",
    "source": "GitHub_M",
    "references": "https://github.com/mcdope/pam_usb/security/advisories/GHSA-pp29-w28g-r9h9\nhttps://github.com/mcdope/pam_usb/commit/1ee8745920388df48d001a8e61ba629071557937\nhttps://github.com/mcdope/pam_usb/commit/52a1fd6413b7ffcc1a5b58ce432be42e7bf0dbd0\nhttps://github.com/mcdope/pam_usb/commit/993e73d8bebb1d8e62677388de3402b6ec36b600",
    "id": "CVE-2026-47274",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "mcdope pam_usb < 0.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pam_usb",
    "version": "< 0.9.0",
    "vendor": "mcdope",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation_CVE-2026-47274