CVE Catalog

CVE-2026-44712

High
Published: Translated: NVD NIST

Summary

pam_usb prior to version 0.8.7 allows remote code execution (RCE) as root through a crafted UUID in the configuration. Running pamusb-conf --reset-pads with such a UUID leads to exploitation of the vulnerability.

Risk Assessment

Organizations may be exposed to unauthorized access and potential takeover of systems, which can lead to serious security consequences.

Recommendation

It is recommended to upgrade to version 0.8.7 or later to mitigate this vulnerability. Additionally, configurations and security measures related to the use of pam_usb should be reviewed.

Original NVD description (English source)

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this) can inject the payload at --add-device time. Also, userName from the XML config is passed to os.system() in pamusb-agent, which invokes a shell. This vulnerability is fixed in 0.8.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS