CVE-2026-3184 LOW

CVE-2026-3184: Util-linux: util-linux: access control bypass due to improper hostname canonicalization

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-289
Published April 3, 2026
Last update May 1, 2026

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.

Key dates

02Disclosure timeline

April 3, 2026 CVE published
May 1, 2026 Record updated