Description
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.
Published: 2026-05-27
Score: 7.9 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

pam_usb uses removable media to authenticate Linux users. Prior to version 0.8.7, attackers can create symbolic links in the pad directory or target pad files, causing the authentication process to follow the link and write to privileged paths. The result is that the attacker can authenticate without valid credentials and corrupt root‑level files, potentially compromising system integrity. The weakness is reflected in CWE‑287 (Authentication Bypass) and CWE‑59 (Improper Handling of Absolute Path).

Affected Systems

The vulnerability affects the pam_usb module from mcdope. All releases prior to 0.8.7 are impacted; upgrading to 0.8.7 or later removes the flaw.

Risk and Exploitability

The CVSS score of 7.9 indicates a High impact. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves a local attacker who can place or manipulate removable media that the system will read during authentication. By crafting a symlink that points to a high‑privilege file, the attacker can both bypass authentication and overwrite critical system files. This combination of bypass and destructive behavior results in a severe threat if exploited.

Generated by OpenCVE AI on May 27, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pam_usb to version 0.8.7 or later.
  • Restrict or disable removable media access for the user that uses pam_usb, or change the pad directory location to a non‑symlinkable path.
  • Disable the pam_usb authentication module temporarily until a patch is applied.

Generated by OpenCVE AI on May 27, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.
Title pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
Weaknesses CWE-287
CWE-59
References
Metrics cvssV3_1

{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T20:18:46.385Z

Reserved: 2026-05-07T17:07:09.318Z

Link: CVE-2026-44711

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-27T21:16:18.073

Modified: 2026-05-27T21:16:18.073

Link: CVE-2026-44711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T22:30:35Z

Weaknesses