CVE-2023-27351
published 2023-04-20CVE-2023-27351: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not…
PriorityP193high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEVITWEXPLOITRansomware
CISA Known Exploited Vulnerabilitydue 2026-05-04
Exploited in the wild
EPSS
78.42%
99.5th percentile
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| djangoproject | django | >= 3.2 < 3.2.25 | 3.2.25 |
| djangoproject | django | >= 4.2 < 4.2.11 | 4.2.11 |
| djangoproject | django | >= 5.0 < 5.0.3 | 5.0.3 |
| papercut | ng | — | — |
| papercut | papercut_mf | >= 15.0 < 20.1.7 | 20.1.7 |
| papercut | papercut_mf | >= 21.0.0 < 21.2.11 | 21.2.11 |
| papercut | papercut_mf | >= 22.0.0 < 22.0.9 | 22.0.9 |
| papercut | papercut_ng | >= 15.0 < 20.1.7 | 20.1.7 |
| papercut | papercut_ng | >= 21.0.0 < 21.2.11 | 21.2.11 |
| papercut | papercut_ng | >= 22.0.0 < 22.0.9 | 22.0.9 |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
Rule 4836: CVE-2023-27351 - PaperCut MF/NG Authentication Bypass Exploit - HTTP (REQUEST)
- →The flaw exists within the SecurityRequestFilter class — monitor HTTP requests targeting PaperCut's authentication filter path for unauthenticated access attempts. ↗
- →CVE-2023-27351 exploitation can result in exfiltration of usernames, full names, email addresses, office/department info, payment card numbers, and hashed passwords from internal PaperCut accounts — monitor for bulk user data access. ↗
- →Apply Trend Micro Deep Security/Workload Security IPS Rule 1011732 to detect CVE-2023-27351 exploitation attempts. ↗
- →Apply Trend Micro TippingPoint/Cloud One Network Security filter 42258 to detect CVE-2023-27351 (ZDI-23-232) exploitation over HTTP. ↗
- ·CVE-2023-27351 only affects PaperCut MF or PaperCut NG version 15.0 or later; versions below 15.0 are not affected by this specific vulnerability. ↗
- ·As of the Trend Micro report date, there was no evidence of CVE-2023-27351 being exploited in the wild — active exploitation was only confirmed for CVE-2023-27350. ↗
- ·Process-spawn detection (pc-app.exe spawning cmd.exe/powershell.exe) may produce false positives due to expected legitimate admin activity; unusual patterns or frequencies should prompt further investigation. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.08.2HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
ghsa7.5HIGH
vulncheck7.5HIGH
cisa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Sonos One Speaker MPEG-TS Parser stack-based overflow (EUVD-2023-31127 / Replaced by VDB-226987)
vuldb·2026-04-21·CVSS 7.5
CVE-2023-27351 [HIGH] Sonos One Speaker MPEG-TS Parser stack-based overflow (EUVD-2023-31127 / Replaced by VDB-226987)
A vulnerability, which was classified as critical, has been found in Sonos One Speaker. This issue affects some unknown processing of the component MPEG-TS Parser. This manipulation causes stack-based buffer overflow.
This vulnerability is tracked as CVE-2023-27351. The attack is possible to be carried out remotely. Moreover, an exploit is present.
VulDB
PaperCut MF/NG up to 20.1.6/21.2.10/22.0.8 MPEG-TS Parser stack-based overflow (EUVD-2023-31127 / Replaces VDB-226088)
vuldb·2026-04-21·CVSS 7.5
CVE-2023-27351 [HIGH] PaperCut MF/NG up to 20.1.6/21.2.10/22.0.8 MPEG-TS Parser stack-based overflow (EUVD-2023-31127 / Replaces VDB-226088)
A vulnerability was found in PaperCut MF and NG up to 20.1.6/21.2.10/22.0.8 and classified as critical. Affected by this issue is some unknown functionality of the component MPEG-TS Parser. The manipulation results in stack-based buffer overflow.
This vulnerability is identified as CVE-2023-27351. The attack can be executed remotely. Additionally, an exploit exists.
It is suggested to upgrade the affected component.
GHSA
Regular expression denial-of-service in Django
ghsa·2024-03-15·CVSS 7.5
CVE-2024-27351 [HIGH] CWE-1333 Regular expression denial-of-service in Django
Regular expression denial-of-service in Django
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
GHSA
GHSA-2c69-r2jh-xjvm: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22
ghsa_unreviewed·2023-04-20
CVE-2023-27351 [HIGH] CWE-287 GHSA-2c69-r2jh-xjvm: This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
VulnCheck
PaperCut papercut_mf Improper Authentication
vulncheck·2023·CVSS 7.5
CVE-2023-27351 [HIGH] PaperCut papercut_mf Improper Authentication
PaperCut papercut_mf Improper Authentication
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Affected: PaperCut papercut_mf
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.hhs.gov/sites/default/files/cl0p-lockbit-new-dat
CISA
PaperCut NG/MF Improper Authentication Vulnerability
cisa·2026-04-20·CVSS 7.5
CVE-2023-27351 [HIGH] CWE-287 PaperCut NG/MF Improper Authentication Vulnerability
Vulnerability: PaperCut NG/MF Improper Authentication Vulnerability
Affected: PaperCut NG/MF
PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
Remediation Due Date: 2026-05-04
No detection rules found.
Nuclei
PaperCut NG - Authentication Bypass
nuclei·CVSS 7.5
CVE-2023-27351 [HIGH] PaperCut NG - Authentication Bypass
PaperCut NG - Authentication Bypass
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Template:
id: CVE-2023-27351
info:
name: PaperCut NG - Authentication Bypass
author: daffainfo,jjcho
severity: high
description: |
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerabil
Hackernews
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
blogs_hackernews·2026-04-21·CVSS 7.5
CVE-2023-27351 [HIGH] CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities ( KEV ) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2023-27351 (CVSS score: 8.2) - An improper authentication vulnerability in PaperCut NG/MF that could allow an attacker to bypass authentication on affected installations via the SecurityRequestFilter class.
CVE-2024-27199 (CVSS score: 7.3) -
Hackernews
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
blogs_hackernews·2026-04-07·CVSS 8.8
[HIGH] China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems.
"The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent intrusions heavily impacting healthcare organizations, as well as those in the education, professional services, and finance sectors in Australia, the United Kingdom, and
Bleepingcomputer
Microsoft links Medusa ransomware affiliate to zero-day attacks
blogs_bleepingcomputer·2026-04-06·CVSS 8.8
[HIGH] Microsoft links Medusa ransomware affiliate to zero-day attacks
## Microsoft links Medusa ransomware affiliate to zero-day attacks
## Sergiu Gatlan
"The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent intrusions heavily impacting healthcare organizations, as well as those in the education, professional services, and finance sectors in Australia, United Kingdom, and United States."
Microsoft has also observed Storm-1175 operators chaining multiple exploits to gain persistence on compromised systems by creating new user accounts, deploying remote monitoring and management software, stealing credentials, and disabling security software before dropping ransomware payloads.
In October, Microsoft reported that Storm-1175 had been exploiting a maximum-severity GoAnywhere MFT
Qualys
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations
blogs_qualys·2025-05-08
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations
## Table of Contents
Who is LockBit? How it Evolved and Operates
Monero: The Coin of the Realm
Patch or Mitigate Now: Critical CVEs Exploited by LockBit
Beyond Traditional Endpoints: Other Compromised Systems
Initial Access and Deployment
Conclusion
The LockBit ransomware gang recently suffered a significant data breach. Their dark web affiliate panels were defaced with the message “Don’t do crime CRIME IS BAD xoxo from Prague,” linking to a MySQL database dump. This archive contains a SQL file from LockBit’s affiliate panel database that includes twenty tables, notably including a ‘btc_addresses’ table with 59,975 unique bitcoin addresses and a ‘chats’ table containing over 4,400 victim negotiation messages from December 2024 to the end of April 2025.
This blog post will leverage
Fortinet
Ransomware Roundup - Cl0p | FortiGuard Labs
blogs_fortinet·2023-07-21·CVSS 9.8
[CRITICAL] Ransomware Roundup - Cl0p | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
Ransomware Roundup - Cl0p
By Shunichi Imano and James Slaughter | July 21, 2023
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.
This edition of the Ransomware Roundup covers the Cl0p ransomware.
Affected platforms: Microsoft Windows, Linux
Impacted parties: Microsoft Windows, Linux Users
Impact: Encrypts and exfiltrates victims’ files and demands ransom for file decryption and not to leak stolen files
Severity level: High
Recently, the Cl0p ransomware group received
Sentinelone
PaperCut Vulnerability: Unpatched Servers Exploited in the Wild
blogs_sentinelone·2023-05-04·CVSS 9.8
CVE-2023-27350 [CRITICAL] PaperCut Vulnerability: Unpatched Servers Exploited in the Wild
On March 8, 2023, PaperCut fixed two new vulnerabilities, CVE-2023-27350 and CVE-2023-27351. These problems could have allowed an attacker to take control of the PaperCut server from a remote location.
CVE-2023-27350 is a vulnerability that allows remote attackers to bypass authentication on affected installations of PaperCut NG version 8.0 or later on all OS platforms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control.
This critical-rated vulnerability carries a severity score of 9.8 out of 10, indicating its high potential for damage if exploited.
Another vulnerability in PaperCut, CVE-2023-27351, could allow unauthorized attackers to access and extract sensitive user a
Sentinelone
PaperCut Vulnerability: Unpatched Servers Exploited in the Wild
blogs_sentinelone·2023-05-04·CVSS 9.8
CVE-2023-27350 [CRITICAL] PaperCut Vulnerability: Unpatched Servers Exploited in the Wild
On March 8, 2023, PaperCut fixed two new vulnerabilities, CVE-2023-27350 and CVE-2023-27351. These problems could have allowed an attacker to take control of the PaperCut server from a remote location.
CVE-2023-27350 is a vulnerability that allows remote attackers to bypass authentication on affected installations of PaperCut NG version 8.0 or later on all OS platforms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control.
This critical-rated vulnerability carries a severity score of 9.8 out of 10, indicating its high potential for damage if exploited.
Another vulnerability in PaperCut, CVE-2023-27351, could allow unauthorized attackers to access and extract sensitive user a
Trendmicro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
blogs_trendmicro·2023-04-26·CVSS 9.8
CVE-2023-27350 [CRITICAL] Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Sfruttamento vulnerabilità
## Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
By: Trend Micro Apr 26, 2023 Read time: ( words)
Save to Folio
Updated on April 27, 2023 10:40 p.m. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.
Updated on April 26, 2023, 4:12 a.m. EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also a
Trendmicro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
blogs_trendmicro·2023-04-26·CVSS 9.8
CVE-2023-27350 [CRITICAL] Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Exploits y vulnerabilidades
## Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
By: Trend Micro Apr 26, 2023 Read time: ( words)
Save to Folio
Updated on April 27, 2023 10:40 p.m. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.
Updated on April 26, 2023, 4:12 a.m. EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also
Trendmicro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
blogs_trendmicro·2023-04-26·CVSS 9.8
CVE-2023-27350 [CRITICAL] Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Exploits & Vulnerabilities
## Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
By: Trend Micro Apr 26, 2023 Read time: ( words)
Save to Folio
Updated on April 27, 2023 10:40 p.m. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.
Updated on April 26, 2023, 4:12 a.m. EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also a
Trendmicro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
blogs_trendmicro·2023-04-26·CVSS 9.8
CVE-2023-27350 [CRITICAL] Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Exploits & Vulnerabilities
# Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
By: Trend Micro
2023/04/26
Read time: ( words)
Save to Folio
Updated on April 27, 2023 10:40 p.m. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.
Updated on April 26, 2023, 4:12 a.m. EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also add
Trendmicro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
blogs_trendmicro·2023-04-26·CVSS 9.8
CVE-2023-27350 [CRITICAL] Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Exploits & Vulnerabilities
## Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
By: Trend Micro 2023/04/26 Read time: ( words)
Save to Folio
Updated on April 27, 2023 10:40 p.m. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.
Updated on April 26, 2023, 4:12 a.m. EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We also add
Trendmicro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
blogs_trendmicro·2023-04-26·CVSS 9.8
CVE-2023-27350 [CRITICAL] Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Ausnutzung von Schwachstellen
## Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
By: Trend Micro Apr 26, 2023 Read time: ( words)
Save to Folio
Updated on April 27, 2023 10:40 p.m. EDT: We updated the entry to include information on the discovery of LockBit as the malicious payload and add Trend Micro Cloud One™ solutions.
Updated on April 26, 2023, 4:12 a.m. EDT where we added details on an observed instance through Trend Micro Managed XDR where we believe the vulnerabilities detailed in this blog were abused by threat actors. We als
Huntress
Critical Vulnerabilities in PaperCut Print Management Software | Huntress
blogs_huntress·2023-04-21·CVSS 9.8
[CRITICAL] Critical Vulnerabilities in PaperCut Print Management Software | Huntress
Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.
UPDATE #1 - 4/25/23 @ 11am ET : Added information about additional exploitation seen against Papercut MF/NG Server where a crypto-miner was deployed.
Huntress has observed post-exploitation activities within our partner environments following the exploitation of recent PaperCut MF/NG vulnerabilities. On April 19th, PaperCut reported active in the wild exploitation against vulnerable versions 8.0 and above, and prior to 20.1.7 , 21.2.11 , or 22.0.9 .
These threats have been tagged by the Zero Day Initiative as ZDI-CAN-19226 ( CVE-2023-27351 ) and ZDI-CAN-18987 ( CVE-2023-27350 ).
In our protected environme
Greynoiseio
NoiseLetter February 2026
blogs_greynoiseio
NoiseLetter February 2026
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Huntress
Critical Vulnerabilities in PaperCut Print Management Software | Huntress
blogs_huntress·CVSS 9.8
[CRITICAL] Critical Vulnerabilities in PaperCut Print Management Software | Huntress
Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.
UPDATE #1 - 4/25/23 @ 11am ET: Added information about additional exploitation seen against Papercut MF/NG Server where a crypto-miner was deployed.
Huntress has observed post-exploitation activities within our partner environments following the exploitation of recent PaperCut MF/NG vulnerabilities. On April 19th, PaperCut reported active in the wild exploitation against vulnerable versions 8.0 and above, and prior to 20.1.7, 21.2.11, or 22.0.9.
These threats have been tagged by the Zero Day Initiative as ZDI-CAN-19226 (CVE-2023-27351) and ZDI-CAN-18987 (CVE-2023-27350).
In our protected environments, we
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219https://www.zerodayinitiative.com/advisories/ZDI-23-232/https://www.papercut.com/kb/Main/PO-1216-and-PO-1219https://www.zerodayinitiative.com/advisories/ZDI-23-232/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351
2023-04-20
Published
2026-04-20
Added to CISA KEV
Exploited in the wild