Vulnerability Details CVE-2026-3184
A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 3.7
References
Products affected by CVE-2026-3184
-
cpe:2.3:a:kernel:util-linux:-
-
cpe:2.3:a:redhat:hardened_images:-