CVE Catalog

CVE-2026-44711

High
Published: Translated: NVD NIST

Summary

pam_usb prior to version 0.8.7 is vulnerable to symlink attacks that allow authentication bypass and root file corruption. Version 0.8.7 includes a fix for this vulnerability.

Risk Assessment

Organizations may be exposed to unauthorized access and data corruption, which can lead to serious security implications.

Recommendation

It is recommended to upgrade to version 0.8.7 or later to protect the system against these attacks.

Original NVD description (English source)

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS