CVE ID :CVE-2026-48066 Published : May 27, 2026, 8:16 p.m. | 1 hour, 7 minutes ago Description :pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data race when the PAM stack is invoked concurrently from multiple threads. This vulnerability is fixed in 0.9.1. Severity: 5.7 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...