Description
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.
Published: 2026-05-27
Score: 7.9 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

pam_usb uses removable media to authenticate Linux users. Prior to version 0.8.7, attackers can create symbolic links in the pad directory or target pad files, causing the authentication process to follow the link and write to privileged paths. The result is that the attacker can authenticate without valid credentials and corrupt root‑level files, potentially compromising system integrity. The weakness is reflected in CWE‑287 (Authentication Bypass) and CWE‑59 (Improper Handling of Absolute Path).

Affected Systems

The vulnerability affects the pam_usb module from mcdope. All releases prior to 0.8.7 are impacted; upgrading to 0.8.7 or later removes the flaw.

Risk and Exploitability

The CVSS score of 7.9 indicates a High impact. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves a local attacker who can place or manipulate removable media that the system will read during authentication. By crafting a symlink that points to a high‑privilege file, the attacker can both bypass authentication and overwrite critical system files. This combination of bypass and destructive behavior results in a severe threat if exploited.

Generated by OpenCVE AI on May 27, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pam_usb to version 0.8.7 or later.
  • Restrict or disable removable media access for the user that uses pam_usb, or change the pad directory location to a non‑symlinkable path.
  • Disable the pam_usb authentication module temporarily until a patch is applied.

Generated by OpenCVE AI on May 27, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Mcdope
Mcdope pam Usb
Vendors & Products Mcdope
Mcdope pam Usb

Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.
Title pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
Weaknesses CWE-287
CWE-59
References
Metrics cvssV3_1

{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H'}

Subscriptions

Mcdope Pam Usb
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T12:47:16.174Z

Reserved: 2026-05-07T17:07:09.318Z

Link: CVE-2026-44711

cve-icon Vulnrichment

Updated: 2026-05-28T12:41:47.176Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T21:16:18.073

Modified: 2026-06-17T10:51:15.697

Link: CVE-2026-44711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:49:57Z

Weaknesses
  • CWE-287

    Improper Authentication

  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')