CVE-2026-44711 HIGH

CVE-2026-44711: pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

Vendor Mcdope
Product pam_usb
Weakness CWE-59
Published May 27, 2026
Last update May 28, 2026

CVSS base score

7.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7.

Key dates

02Disclosure timeline

May 27, 2026 CVE published
May 28, 2026 Record updated