CVE Catalog
CVE-2026-44711
HighSummary
pam_usb prior to version 0.8.7 is vulnerable to symlink attacks that allow authentication bypass and root file corruption. Version 0.8.7 includes a fix for this vulnerability.
Risk Assessment
Organizations may be exposed to unauthorized access and data corruption, which can lead to serious security implications.
Recommendation
It is recommended to upgrade to version 0.8.7 or later to protect the system against these attacks.
Original NVD description (English source)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

