CVE-2026-34980

HIGH

7.5

Descripcion

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.

Detalles CVE

Puntuacion CVSS v3.17.5

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueADJACENT_NETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado4/3/2026

Ultima modificacion4/16/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

openprinting:cups

Debilidades (CWE)

CWE-20

Referencias

https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.