CVE-2026-27447
Published 2026-04-03
Priority P3 · 40 · medium · CVSS 3.1: 6.3
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
EPSS: 0.32% (23.4th percentile)
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cups | — | — |
| msrc | azl3_cups_2.4.16-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cups_2.3.3op2-11_on_cbl_mariner_2.0 | — | — |
| openprinting | cups | <= 2.4.16 | — |
| ubuntu | cups | — | — |
CVSS provenance
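| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N |
| osv | — | 4.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.3 | MEDIUM | — |
| vendor_debian | — | 4.8 | MEDIUM | — |
| vendor_msrc | — | 4.8 | MEDIUM | — |
| vendor_redhat | — | 4.8 | MEDIUM | — |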
Ubuntu
CUPS regression
vendor_ubuntu·2026-06-15·CVSS 6.3
CVE-2026-27447 [MEDIUM] CUPS regression
Title: CUPS regression
Summary: USN-8405-1 introduced a regression in CUPS
USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a
regression that caused CUPS to crash when parsing certain large printer PPD
files. This update fixes the problem.
Original advisory details:
Ariel Silver discovered that CUPS incorrectly handled username comparisons
during authorization checks. A local attacker could possibly use this issue
to gain unauthorized access to restricted operations. (CVE-2026-27447)
Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled
notify-recipient-uri values in the RSS notifier. A remote attacker could
possibly use this issue to overwrite lp-writable files and cause a denial
of service. (CVE-2026-34978)
Jacob Newman discovered that CUPS incorrectly ha
Ubuntu
CUPS vulnerabilities
vendor_ubuntu·2026-06-08·CVSS 6.3
CVE-2026-41079 [MEDIUM] CUPS vulnerabilities
Title: CUPS vulnerabilities
Summary: Several security issues were fixed in CUPS.
Ariel Silver discovered that CUPS incorrectly handled username comparisons
during authorization checks. A local attacker could possibly use this issue
to gain unauthorized access to restricted operations. (CVE-2026-27447)
Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled
notify-recipient-uri values in the RSS notifier. A remote attacker could
possibly use this issue to overwrite lp-writable files and cause a denial
of service. (CVE-2026-34978)
Jacob Newman discovered that CUPS incorrectly handled filter option strings
when processing job attributes. An attacker could use this issue to cause
CUPS to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-34979
Red Hat
cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison
vendor_redhat·2026-04-03·CVSS 4.8
CVE-2026-27447 [MEDIUM] CWE-178 cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a
Microsoft
OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
vendor_msrc·2026-04-02·CVSS 4.8
CVE-2026-27447 [MEDIUM] CWE-863 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Debian
CVE-2026-27447: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...
vendor_debian·2026·CVSS 4.8
CVE-2026-27447 [MEDIUM] CVE-2026-27447: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
OSV
CVE-2026-27447: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems
osv·2026-04-03·CVSS 4.8
CVE-2026-27447 [MEDIUM] CVE-2026-27447: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-34980 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-34980 [MEDIUM] CVE-2026-34980 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34980: OpenPrinting CUPS vulnerability analysis and mitigation
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
Source : NV
Wiz
CVE-2026-34979 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-34979 [MEDIUM] CVE-2026-34979 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34979: OpenPrinting CUPS vulnerability analysis and mitigation
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.
Source: NVD
| Field | Value |
|---|---|
| Score | 5.3 |
| Published | April 3, 2026 |
| Severity | MEDIUM |
| CNA Score | 5.3 |
| Affected Technologies | OpenPrinting CUPS; Linux Red Hat |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 11.6 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | cups-filesystem; cups-libs |
Sources
NVD
Debia
Wiz
CVE-2026-34990 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-34990 [MEDIUM] CVE-2026-34990 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34990: OpenPrinting CUPS vulnerability analysis and mitigation
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are
Wiz
CVE-2026-27447 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
CVE-2026-27447 [MEDIUM] CVE-2026-27447 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27447: OpenPrinting CUPS vulnerability analysis and mitigation
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
Source: NVD
| Field | Value |
|---|---|
| Score | 4.8 |
| Published | April 3, 2026 |
| Severity | MEDIUM |
| CNA Score | 4.8 |
| Affected Technologies | OpenPrinting CUPS; Linux Red Hat |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
CISA KEV R
Wiz
CVE-2026-34978 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-34978 [MEDIUM] CVE-2026-34978 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-34978: OpenPrinting CUPS vulnerability analysis and mitigation
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly av
Bugzilla
CVE-2026-27447 cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison [fedora-all]
bugzilla·2026-04-03·CVSS 4.8
CVE-2026-27447 [MEDIUM] CVE-2026-27447 cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-7d1173fd68 (cups-2.4.17-1.fc45) has been submitted as an update to Fedora 45.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7d1173fd68
---
FEDORA-2026-bce5853e95 (cups-2.4.17-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-bce5853e95
---
FEDORA-2026-82a2214b53 (cups-2.4.17-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/update