CVE-2026-47273
Deferred Deferred - Pending Action
XPath Injection in pam_usb Prior to 0.9.0

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifiers were not validated for XPath metacharacters, allowing injection of arbitrary XPath predicates. This vulnerability is fixed in 0.9.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-17
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-47273
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mcdope pam_usb to 0.9.0 (exc)
mcdope pam_usb From 0.8.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-91 The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in pam_usb versions prior to 0.9.0, which provides hardware authentication for Linux using removable media. The issue arises because pam_usb builds XPath expressions from user-supplied identifiers (such as PAM username and service name) and device-supplied identifiers (like USB device serial, model, and vendor) without validating these inputs for XPath metacharacters. This lack of validation allows an attacker to inject arbitrary XPath predicates, potentially manipulating the authentication process.

Compliance Impact

The vulnerability CVE-2026-47273 in pam_usb allows XPath injection through unvalidated user and device identifiers, potentially enabling attackers to bypass authentication or impersonate devices.

Such unauthorized access or manipulation of authentication mechanisms could lead to unauthorized disclosure or modification of sensitive data, which may impact compliance with data protection regulations like GDPR or HIPAA that require strict access controls and protection of personal or health information.

By allowing attackers to bypass authentication, this vulnerability could undermine the integrity and confidentiality of systems handling regulated data, thereby increasing the risk of non-compliance with these standards.

Detection Guidance

This vulnerability involves XPath injection through user-supplied or device-supplied identifiers in pam_usb prior to version 0.9.0. Detection involves checking if the pam_usb version in use is vulnerable and inspecting configuration or logs for suspicious XPath metacharacters in identifiers.

To detect if your system is vulnerable, first verify the installed pam_usb version:

  • dpkg -l | grep pam_usb # On Debian-based systems
  • rpm -qa | grep pam_usb # On RPM-based systems

If the version is earlier than 0.9.0, your system is vulnerable.

To detect potential exploitation attempts or suspicious identifiers containing XPath metacharacters (such as single quotes), you can search the pam_usb configuration file and logs for these characters:

  • grep -n "['\"]" /etc/pamusb.conf
  • grep -r "['\"]" /var/log/auth.log

Additionally, monitoring authentication failures or unusual device authentication behavior may help identify exploitation attempts.

Impact Analysis

This vulnerability can impact you by allowing an attacker to perform XPath injection attacks, which may lead to unauthorized access or manipulation of the authentication process. According to the CVSS v3.1 score, the vulnerability has a base score of 6.5, indicating a medium severity with low confidentiality impact, high integrity impact, and no availability impact. This means an attacker could potentially alter authentication data or bypass authentication controls, compromising system integrity.

Mitigation Strategies

To mitigate this vulnerability, upgrade pam_usb to version 0.9.0 or later, where the issue with XPath injection has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47273. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart