CVE-2026-44712
HighSummary
pam_usb prior to version 0.8.7 allows remote code execution (RCE) as root through a crafted UUID in the configuration. Running pamusb-conf --reset-pads with such a UUID leads to exploitation of the vulnerability.
Risk Assessment
Organizations may be exposed to unauthorized access and potential takeover of systems, which can lead to serious security consequences.
Recommendation
It is recommended to upgrade to version 0.8.7 or later to mitigate this vulnerability. Additionally, configurations and security measures related to the use of pam_usb should be reviewed.
Original NVD description (English source)
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this) can inject the payload at --add-device time. Also, userName from the XML config is passed to os.system() in pamusb-agent, which invokes a shell. This vulnerability is fixed in 0.8.7.

