CVE-2026-48980
MediumCVSS 6.3Summary
In versions prior to 0.9.2, the pam_usb module, responsible for hardware authentication on Linux, is vulnerable to environment variable injection. The XRDP_SESSION, DISPLAY, and TMUX variables can be manipulated by a local user, affecting the local and remote session checking logic.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to the system by manipulating environment variables in the context of setuid processes like sudo or su.
Recommendation
It is recommended to update the pam_usb module to version 0.9.2 or later to mitigate this vulnerability.
Original NVD description (English source)
pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or remote, and a PAM module that runs in the context of setuid binaries (sudo, su), getenv() returns attacker-controlled values whenever the process environment has been manipulated by a local user. This issue has been fixed in version 0.9.2.

