What is the CVSS score of CVE-2026-44712?

CVE-2026-44712 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of pam_usb are affected by CVE-2026-44712?

pam_usb versions prior to 0.8.7 contain a root-level command injection vulnerability allowing attackers to execute arbitrary commands with system privileges.. A patch is available.

pam_usb CVE-2026-44712

EUVD-2026-32662 HIGH

OS Command Injection (CWE-78)

2026-05-27 security-advisories@github.com

Command Injection

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 27, 2026 - 22:04 EUVD

Analysis Generated

May 27, 2026 - 21:32 vuln.today

CVE Published

May 27, 2026 - 21:16 nvd

HIGH 8.2

DescriptionNVD

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID (some controllers allow this) can inject the payload at --add-device time. Also, userName from the XML config is passed to os.system() in pamusb-agent, which invokes a shell. This vulnerability is fixed in 0.8.7.

AnalysisAI

Root command injection in pam_usb prior to 0.8.7 lets a local high-privileged user - or an attacker who can present a removable device with an attacker-chosen filesystem UUID - embed shell metacharacters (e.g. $(id>/tmp/rce)) that execute as root when an administrator runs pamusb-conf --reset-pads. …

RemediationAI

Within 24 hours: Identify all systems running pam_usb versions prior to 0.8.7; restrict physical USB device access and disable pam_usb pamusb-conf utilities until patched. Within 7 days: Deploy pam_usb version 0.8.7 across all affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44712 vulnerability details – vuln.today

Back

pam_usb CVE-2026-44712

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code