Description
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
Published: 2026-04-03
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access via Access Control Bypass
Action: Apply Patch
AI Analysis

Impact

A flaw inside the util‑linux package, specifically the login utility when run with the -h option, improperly canonicalizes the hostname supplied by the user. The altered hostname is then used to set the PAM_RHOST environment variable, potentially causing host‑based Pluggable Authentication Modules to evaluate an incorrect fully qualified domain name. Attackers can craft a hostname that bypasses PAM access control rules, leading to unauthorized authentication or privilege escalation. This weakness is categorized as improper authorization (CWE‑289). The impact is limited to gaining authentication privileges; it does not provide arbitrary code execution or denial of service.

Affected Systems

The vulnerability affects Red Hat products: Red Hat Enterprise Linux 7 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. Any instance of these operating systems or container runtimes that run login with the -h option is potentially exposed.

Risk and Exploitability

The CVSS score of 3.7 indicates a low severity, and the EPSS score is below 1 %, suggesting a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Since the flaw allows an attacker to influence the hostname used for authentication, the practical attack vector requires remote access to the system to invoke login with the -h option and supply the crafted hostname. No known public exploits exist, so the risk remains low to moderate under current conditions.

Generated by OpenCVE AI on April 15, 2026 at 19:41 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Update the system to the vendor‑supplied patched util‑linux package that fixes the hostname canonicalization bug.
  • If the patch cannot be applied immediately, review and tighten PAM host‑based access rules so that they rely on explicit FQDNs or other reliable identifiers rather than the value supplied to login's -h option.
  • Configure monitoring to detect anomalous authentication attempts that include unexpected or malformed hostnames, and review logs regularly for signs of privilege escalation attempts.

Generated by OpenCVE AI on April 15, 2026 at 19:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
References

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
Title util-linux: util-linux: Access control bypass due to improper hostname canonicalization Util-linux: util-linux: access control bypass due to improper hostname canonicalization
First Time appeared Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
CPEs cpe:/a:redhat:hummingbird:1
cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat hummingbird
Redhat openshift
References

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux util-linux
Vendors & Products Linux
Linux util-linux

Wed, 25 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title util-linux: util-linux: Access control bypass due to improper hostname canonicalization
Weaknesses CWE-289
References
Metrics threat_severity

None

 cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}

threat_severity

Low

Subscriptions

Linux Util-linux
Redhat Enterprise Linux Hummingbird Openshift
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-23T14:50:16.685Z

Reserved: 2026-02-25T08:02:20.937Z

Link: CVE-2026-3184

cve-icon Vulnrichment

Updated: 2026-04-03T20:06:18.328Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-03T19:17:23.377

Modified: 2026-04-23T16:16:25.373

Link: CVE-2026-3184

cve-icon Redhat

Severity : Low

Publid Date: 2026-02-25T04:04:00Z

Links: CVE-2026-3184 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T19:45:12Z

Weaknesses