CVE-2026-34978: Path Traversal in Cups

CWE-22: Path Traversal
7 documents, 7 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 77.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 3

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-fi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 3.9 | Impact: 2.5

Affected Packages (1 package)

CVEListV5: openprinting/cups 2.4.16

🔴 Vulnerability Details (2)

CVEList: OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) (2026-04-03)
OSV: CVE-2026-34978: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems (2026-04-03)

📋 Vendor Advisories (3)

Red Hat: cups: OpenPrinting CUPS: Denial of Service via path traversal in RSS notifier (2026-04-03)
Microsoft: OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) (2026-04-02)
Debian: CVE-2026-34978: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-34978 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-34978 — Path Traversal in Openprinting Cups | cvebase