CVE-2026-44709 | mcdope pam_usb up to 0.8.6 on Linux Environment Variable PINENTRY_FALLBACK_APP os command injection (GHSA-jxrj-q67x-wr4c)

A vulnerability was found in mcdope pam_usb up to 0.8.6 on Linux. It has been declared as critical. This impacts an unknown function of the component Environment Variable Handler. The manipulation of the argument PINENTRY_FALLBACK_APP results in os command injection.

This vulnerability is known as CVE-2026-44709. Attacking locally is a requirement. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More