CVE-2024-8404
Published 2024-09-26
Priority P3 · 41 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.39% (30.5th percentile)
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder.
Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.
Update:
This CVE was updated in May 2025 to revise the fixed version and fix process. Please refer to the May 2025 Security Bulletin.
Note:
This CVE has been split from CVE-2024-3037.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| papercut | papercut_mf | < 23.0.9 | 23.0.9 |
| papercut | papercut_ng | < 23.0.9 | 23.0.9 |
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-4794 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.2 [HIGH]
## CVE-2026-4794: PaperCut NG vulnerability analysis and mitigation
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other administrators' sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).
Source: NVD
## Score 2.1
Published March 31, 2026
Severity LOW
CNA Score 2.1
Affected Technologies
PaperCut NG
PaperCut MF
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
Wiz
CVE-2026-5115 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 7.8 [HIGH]
## CVE-2026-5115: PaperCut MF vulnerability analysis and mitigation
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.
It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
Source: NVD
## Score 3.6
Published March 31, 2026
Severity LOW
CNA Score 3.6
Affected Technologies
PaperCut MF
Has Public Exploit N