CVE-2026-44713

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen(). Because the value is placed inside double-quotes without sanitisation, any value containing " terminates the quoted string and injects arbitrary shell syntax. popen() runs as root inside the PAM stack. This vulnerability is fixed in 0.8.7.

Vulnerability Details

Published Date

May 27, 2026

Last Modified

May 27, 2026

CWE ID

CWE-78

Source

NVD

Vendor

mcdope

Product

pam_usb

External References

https://github.com/mcdope/pam_usb/security/advisories/GHSA-822m-whrh-vrj8

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment