CVE-2026-27447 — Incorrect Authorization in Cups

CWE-863 — Incorrect Authorization CWE-178 — Improper Handling of Case Sensitivity7 documents7 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 90.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openprinting Cups

Timeline

PublishedApr 3

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly a…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:NExploitability: 0.5 | Impact: 4.2

Affected Packages1 packages

▶CVEListV5openprinting/cups2.4.16

🔴Vulnerability Details

OSV

CVE-2026-27447: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems↗2026-04-03

▶

CVEList

OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup↗2026-04-03

▶

📋Vendor Advisories

Red Hat

cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison↗2026-04-03

▶

Microsoft

OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup↗2026-04-02

▶

Debian

CVE-2026-27447: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-27447 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶