What is the CVSS score of CVE-2026-48066?

CVE-2026-48066 has a CVSS 3.1 base score of 5.7 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-48066?

Yes, a patch is available for CVE-2026-48066. Update the affected software to the latest version immediately.

pam_usb CVE-2026-48066

EUVD-2026-32648 MEDIUM

Race Condition (CWE-362)

2026-05-27 GitHub_M

Information Disclosure Race Condition

5.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Patch available

May 27, 2026 - 22:04 EUVD

Analysis Generated

May 27, 2026 - 21:28 vuln.today

CVE Published

May 27, 2026 - 19:57 nvd

MEDIUM 5.7

DescriptionNVD

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data race when the PAM stack is invoked concurrently from multiple threads. This vulnerability is fixed in 0.9.1.

AnalysisAI

Concurrent PAM invocations in pam_usb prior to 0.9.1 expose a process-wide static pointer race condition in src/log.c, where each PAM call overwrites a shared static pointer with the address of a stack-local variable. When multiple threads invoke the PAM stack simultaneously - a normal condition in multi-threaded Linux services such as SSH daemons or display managers - one thread's logging pointer can reference another thread's already-deallocated stack frame, causing availability loss (crash/hang) or limited integrity corruption. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-48066 vulnerability details – vuln.today

Back

pam_usb CVE-2026-48066

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code