CVE-2026-39316 — Use After Free in Cups
Severity
4.0MEDIUMNVD
EPSS
0.0%
top 94.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 7
Latest updateApr 8
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is s…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4
Affected Packages1 packages
🔴Vulnerability Details
2📋Vendor Advisories
3Red Hat▶
cups: CUPS: Denial of Service and potential arbitrary code execution via use-after-free vulnerability when deleting temporary printers.↗2026-04-07
Microsoft▶
CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer↗2026-04-02
Debian▶
CVE-2026-39316: cups - OpenPrinting CUPS is an open source printing system for Linux and other Unix-lik...↗2026
🕵️Threat Intelligence
1💬Community
2Bugzilla▶
CVE-2026-39316 cups: CUPS: Denial of Service and potential arbitrary code execution via use-after-free vulnerability when deleting temporary printers. [fedora-all]↗2026-04-08
Bugzilla▶
CVE-2026-39316 cups: CUPS: Denial of Service and potential arbitrary code execution via use-after-free vulnerability when deleting temporary printers.↗2026-04-07