EUVD-2026-18817Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
AnalysisAI
Improper hostname canonicalization in util-linux login(1) utility with the -h option allows remote attackers to bypass host-based PAM access control rules by supplying specially crafted hostnames that are modified before being passed to PAM_RHOST, potentially leading to unauthorized access. The vulnerability affects Red Hat Enterprise Linux 7 through 10 and related products; exploitation requires high attack complexity but no authentication or user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | This vulnerability presents a low-to-moderate real-world risk despite its CVSS score of 3.7. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to a system running a vulnerable version of util-linux could craft a specially formed hostname that, when passed to login(1) via the -h option, undergoes canonicalization in a way that matches an allowed FQDN in the target's PAM host-based access rules. For example, if PAM rules permit login from 'trusted.example.com', the attacker might provide a crafted hostname that canonicalizes to that FQDN despite originating from an untrusted source, thereby gaining unauthorized access to a user account. … |
| Remediation | Apply vendor-released patches from Red Hat for the affected util-linux package across all impacted RHEL versions (7, 8, 9, 10), Red Hat Hardened Images, and OpenShift Container Platform 4 installations. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Remote denial of service in 389 Directory Server (Red Hat Directory Server 11/12/13 and Red Hat Enterprise Linux 6 throu
Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The
Denial-of-service in Red Hat's 389 Directory Server allows a highly privileged network attacker to crash the LDAP servic
Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attack
Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticat
Share
External POC / Exploit Code
Leaving vuln.today