What is the CVSS score of CVE-2026-44710?

CVE-2026-44710 has a CVSS 3.1 base score of 4.6 (Medium). CVSS vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-44710?

Yes, a patch is available for CVE-2026-44710. Update the affected software to the latest version immediately.

pam_usb CVE-2026-44710

EUVD-2026-32660 MEDIUM

NULL Pointer Dereference (CWE-476)

2026-05-27 security-advisories@github.com

Denial Of Service Null Pointer Dereference

4.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 22:41 vuln.today

Patch available

May 27, 2026 - 22:04 EUVD

CVE Published

May 27, 2026 - 21:16 nvd

MEDIUM 4.6

DescriptionNVD

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks API documentation states these accessors can return NULL for devices that do not expose the corresponding field. Passing NULL to strcmp() is undefined behaviour (typically a SIGSEGV). This vulnerability is fixed in 0.8.7.

AnalysisAI

NULL pointer dereference in pam_usb prior to 0.8.7 allows a physically present attacker to crash the PAM authentication stack by inserting a USB device whose serial, vendor, or model metadata fields are absent. The module in src/device.c passes return values from udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks, despite the GIO/UDisks2 API explicitly documenting that these accessors can return NULL for devices not exposing those fields. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44710 vulnerability details – vuln.today

Back

pam_usb CVE-2026-44710

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code