CVE-2026-3184

| EUVD-2026-18817 LOW
2026-04-03 redhat
3.7
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 03, 2026 - 19:15 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 19:15 euvd
EUVD-2026-18817
CVE Published
Apr 03, 2026 - 18:43 nvd
LOW 3.7

Tags

Authentication Bypass

Description

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.

Analysis

Improper hostname canonicalization in util-linux login(1) utility with the -h option allows remote attackers to bypass host-based PAM access control rules by supplying specially crafted hostnames that are modified before being passed to PAM_RHOST, potentially leading to unauthorized access. The vulnerability affects Red Hat Enterprise Linux 7 through 10 and related products; exploitation requires high attack complexity but no authentication or user interaction. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

19
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +18
POC: 0

Share

CVE-2026-3184 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy