CVE-2026-47274

Source
https://cve.org/CVERecord?id=CVE-2026-47274
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47274.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47274
Aliases
  • GHSA-pp29-w28g-r9h9
Published
2026-05-27T20:02:38.484Z
Modified
2026-07-08T08:12:37.958721Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation
Details

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM authentication or tool execution could substitute malicious binaries. The affected tools are pamusb-check (src/tmux.c), pamusb-conf (tools/pamusb-conf), and pamusb-keyring-unlock-gnome (tools/pamusb-keyring-unlock-gnome). This vulnerability is fixed in 0.9.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47274.json",
    "cwe_ids": [
        "CWE-427"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/mcdope/pam_usb

Affected ranges

Type
GIT
Repo
https://github.com/mcdope/pam_usb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.0"
        }
    ]
}

Affected versions

0.*
0.5.0
0.7.1
0.7.2
0.7.3
0.8.3
0.8.4
0.8.7
v0.*
v0.7.0
v0.8.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47274.json"