216.73.216.86

CVE-2026-44713

· Published 27/05/2026 21:16 · Modified 28/05/2026 13:57

Labels: CVE-2026-44713 2026-05-27CVE-2026-44713CWE-78[email protected]

Essential information

Published
27/05/2026 21:16
Modified
28/05/2026 13:57
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen(). Because the value is placed inside double-quotes without sanitisation, any value containing " terminates the quoted string and injects arbitrary shell syntax. popen() runs as root inside the PAM stack. This vulnerability is fixed in 0.8.7.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
pam usb / pam usb cpe:2.3:a:pam_usb:pam_usb:<0.8.7:*:*:*:*:*:*:*

References