CVE-2026-48792— pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

CVSS 4.4 · Medium EPSS 0.13% · P3 Updated May 28, 2026

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

Vendor	Product	Version Range	Status
mcdope	pam_usb	`< 0.9.1`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48792

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

Source: NVD (National Vulnerability Database)

Vulnerability Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to return 0 (no virtual devices found) even when every open() call failed due to insufficient permissions. The caller in src/local.c cannot distinguish a clean absence of virtual devices from a permission-denied scan, and acts on the false negative by continuing authentication without denying. This vulnerability is fixed in 0.9.1.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

未有动作错误条件的检测

Source: NVD (National Vulnerability Database)

Vulnerability Title

pam_usb 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

pam_usb是McDope个人开发者的一个基于USB设备的Linux硬件认证工具。 pam_usb 0.9.1之前版本存在安全漏洞，该漏洞源于src/evdev.c静默忽略EACCES错误，可能导致pusb_has_virtual_input_device()返回0即使所有open()调用因权限不足失败。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
mcdope	pam_usb	< 0.9.1	-

II. Public POCs for CVE-2026-48792

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-48792

请登录查看更多情报信息。

Same Patch Batch · mcdope · 2026-05-27 · 15 CVEs total

CVE-2026-44713	8.8 HIGH	pam_usb: Command injection via $TMUX environment variable leads to RCE as root
CVE-2026-44712	8.2 HIGH	pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent
CVE-2026-48064	8.1 HIGH	pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass
CVE-2026-44711	7.9 HIGH	pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and r
CVE-2026-44709	7.8 HIGH	pam_usb: PINENTRY_FALLBACK_APP environment variable allows arbitrary command execution
CVE-2026-47269	7.4 HIGH	pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as
CVE-2026-47272	7.1 HIGH	pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG
CVE-2026-48065	6.7 MEDIUM	pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buf
CVE-2026-47273	6.5 MEDIUM	pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries
CVE-2026-47274	6.3 MEDIUM	pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH ma
CVE-2026-47270	6.3 MEDIUM	pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_remote resul
CVE-2026-48066	5.7 MEDIUM	pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authe
CVE-2026-47271	5.1 MEDIUM	pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process
CVE-2026-44710	4.6 MEDIUM	pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login den

IV. Related Vulnerabilities

Same product: pam_usb

Same vendor: mcdope

Same weakness: CWE-390

V. Comments for CVE-2026-48792

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-48792— pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-48792

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-48792

III. Intelligence Information for CVE-2026-48792

Vendor Advisories for CVE-2026-48792 (1)

Security Blog Posts for CVE-2026-48792 (1)

Other References for CVE-2026-48792 (1)

Same Patch Batch · mcdope · 2026-05-27 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-48792

Leave a comment