CVE-2026-44709

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7

Description pam usb provides hardware authentication for Linux using removable media. The pamusb-pinentry component reads the PINENTRY FALLBACK APP environment variable and executes it without validation. A process capable of setting environment variables before pamusb-pinentry is invoked can point PINENTRY FALLBACK APP to an arbitrary binary or script, leading to execution with the privileges of the pam usb tool chain.

Recommendations Update to version 0.8.7.