A vulnerability was found in mcdope pam_usb up to 0.9.1 on Linux. It has been rated as problematic . This affects the function pusb_is_loginctl_local of the component PAM Module . This manipulation of the argument Remote causes null pointer dereference. This vulnerability appears as CVE-2026-48985 . The attack requires local access. There is no available exploit. Upgrading the affected component is advised.