PT-2026-44087 · Pam Usb · Pam Usb
Mcdope
·
Published
2026-05-27
·
Updated
2026-05-27
·
CVE-2026-47274
CVSS v3.1
6.3
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
pam usb versions prior to 0.9.0
Description
Multiple helper tools in pam usb resolve external binaries using the
PATH environment variable instead of absolute paths. An attacker capable of influencing the process environment during PAM authentication or tool execution could substitute legitimate binaries with malicious ones. The affected tools include pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome).Recommendations
Update to version 0.9.0.
Fix
LPE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pam Usb