pam_usb: Symlink attacks on pad directory and pad files enable...

7.9 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

Basic Information

ID CVE-2026-44711

Source GitHub_M

Published May 27, 2026 at 20:18

Affected Product

Vendor mcdope

Product pam_usb

Version < 0.8.7

Affected Versions mcdope pam_usb < 0.8.7

CWE Classification

CWE-59 CWE-287

References

github.com /mcdope/pam_usb/security/advisories/GHSA-fjpm-p9pj-mp34

{
    "lastseen": "",
    "description": "pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.",
    "published": "2026-05-27T20:18:46.385Z",
    "modified": "2026-05-27T20:18:46.385Z",
    "type": "cve",
    "title": "pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption",
    "source": "GitHub_M",
    "references": "https://github.com/mcdope/pam_usb/security/advisories/GHSA-fjpm-p9pj-mp34",
    "id": "CVE-2026-44711",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "mcdope pam_usb < 0.8.7",
    "sourceHref": "",
    "cvss": {
        "score": 7.9,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pam_usb",
    "version": "< 0.8.7",
    "vendor": "mcdope",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption_CVE-2026-44711