What is the CVSS score of EUVD-2026-32651?

EUVD-2026-32651 has a CVSS 3.1 base score of 6.3 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-32651?

Yes, a patch is available for EUVD-2026-32651. Update the affected software to the latest version immediately.

pam_usb EUVD-2026-32651

| CVE-2026-47274 MEDIUM

Uncontrolled Search Path Element (CWE-427)

2026-05-27 GitHub_M

Information Disclosure

6.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

May 27, 2026 - 22:04 EUVD

Source Code Evidence Fetched

May 27, 2026 - 21:28 vuln.today

Analysis Generated

May 27, 2026 - 21:28 vuln.today

CVE Published

May 27, 2026 - 20:02 nvd

MEDIUM 6.3

DescriptionNVD

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM authentication or tool execution could substitute malicious binaries. The affected tools are pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome). This vulnerability is fixed in 0.9.0.

AnalysisAI

PATH hijacking in pam_usb helper tools prior to version 0.9.0 allows a local low-privileged attacker who can manipulate the process environment to substitute malicious binaries for those called by pamusb-check, pamusb-conf, and pamusb-keyring-unlock-gnome, resulting in high confidentiality and integrity impact. The root cause is CWE-427 (Uncontrolled Search Path Element): all three tools resolved external binaries - including id, whoami, pidof, gnome-keyring-daemon, and pamusb-check itself - through the attacker-controllable PATH variable rather than hardcoded absolute paths. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-32651 vulnerability details – vuln.today

Back

pam_usb EUVD-2026-32651

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code