CVE-2026-34980Improper Input Validation in Cups

CWE-20Improper Input ValidationCWE-78OS Command Injection7 documents7 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 87.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openprinting Cups
Timeline
PublishedApr 3

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted schedule

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5openprinting/cups2.4.16

🔴Vulnerability Details

2
CVEList
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network2026-04-03
OSV
CVE-2026-34980: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems2026-04-03

📋Vendor Advisories

3
Red Hat
cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network2026-04-03
Microsoft
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network2026-04-02
Debian
CVE-2026-34980: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-34980 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-34980 — Improper Input Validation in Cups | cvebase