CVE-2026-47273

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifiers were not validated for XPath metacharacters, allowing injection of arbitrary XPath predicates. This vulnerability is fixed in 0.9.0.

CVSS v3.1 Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Weakness Type (CWE)

CWE-91 CWE-91

References

Other References

https://github.com/mcdope/pam_usb/commit/721fed08a3596cb5b4671ad702f8fdc12dcc7420 https://github.com/mcdope/pam_usb/pull/311 https://github.com/mcdope/pam_usb/security/advisories/GHSA-vfj3-5h5v-6g93

Frequently Asked Questions

What is CVE-2026-47273? +

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and device-supplied identifiers (USB device serial, model, vendor) to query /etc/pamusb.conf. These identifiers were not validated for XPath metacharacters, allowing injection of arbitrary XPath predicates. This vulnerability is fixed in 0.9.0. It has a CVSS v3.1 base score of 6.5 (MEDIUM).

How severe is CVE-2026-47273? +

CVE-2026-47273 has a CVSS v3.1 score of 6.5 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

How do I check if I'm vulnerable to CVE-2026-47273? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …

CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …

CVE-2025-9375

XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope …

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to …

CVE-2024-51136 9.8

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary …

CVE-2025-24404 8.8

XML Injection RCE by parse http sitemap xml response vulnerability in Apache HertzBeat. The attacker needs to have an authenticated …

Description

CVSS v3.1 Score

Weakness Type (CWE)

References

Other References

Frequently Asked Questions

Related Vulnerabilities

Don't wait for an exploit