PatchSiren

Linux-PAM CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Linux-PAM CVE published 2026-06-14

CVE-2026-54411

CVE-2026-54411 is a MEDIUM severity vulnerability in Linux-PAM that allows a local or network-adjacent attacker to recover plaintext passwords by measuring timing differences in the pam_userdb module. The cause is an observable timing discrepancy in the plaintext-password comparison path.