Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/cups@2.4.17-1
Type deb
Namespace debian
Name cups
Version 2.4.17-1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-63fa-a4pr-wqh3
vulnerability_id VCID-63fa-a4pr-wqh3
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34978
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18102
published_at 2026-04-08T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18317
published_at 2026-04-04T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18019
published_at 2026-04-07T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22692
published_at 2026-04-21T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22765
published_at 2026-04-13T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.2278
published_at 2026-04-16T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22733
published_at 2026-04-18T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22838
published_at 2026-04-09T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22859
published_at 2026-04-11T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22822
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34978
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454957
reference_id 2454957
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454957
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
reference_id GHSA-f53q-7mxp-9gcr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34978
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3
1
url VCID-b1yf-xuc1-ykak
vulnerability_id VCID-b1yf-xuc1-ykak
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39314
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02171
published_at 2026-04-12T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02187
published_at 2026-04-08T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02209
published_at 2026-04-09T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02186
published_at 2026-04-11T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03682
published_at 2026-04-21T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03555
published_at 2026-04-18T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04174
published_at 2026-04-16T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04205
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39314
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184
reference_id 1133184
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456107
reference_id 2456107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456107
6
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-39314
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1yf-xuc1-ykak
2
url VCID-dx89-e1nn-w7gz
vulnerability_id VCID-dx89-e1nn-w7gz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39316
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03159
published_at 2026-04-08T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03185
published_at 2026-04-09T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03043
published_at 2026-04-21T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03144
published_at 2026-04-11T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03118
published_at 2026-04-12T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02925
published_at 2026-04-18T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05318
published_at 2026-04-13T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05266
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39316
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183
reference_id 1133183
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456120
reference_id 2456120
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456120
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg
reference_id GHSA-pjv5-prqp-46rg
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:41:44Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-39316
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx89-e1nn-w7gz
3
url VCID-hc4t-becn-rkcc
vulnerability_id VCID-hc4t-becn-rkcc
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34979
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11845
published_at 2026-04-04T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11719
published_at 2026-04-08T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11635
published_at 2026-04-07T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15919
published_at 2026-04-12T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15958
published_at 2026-04-11T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15775
published_at 2026-04-16T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15851
published_at 2026-04-13T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15979
published_at 2026-04-09T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16232
published_at 2026-04-21T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16195
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34979
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454946
reference_id 2454946
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454946
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh
reference_id GHSA-6qxf-7jx6-86fh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:19:03Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34979
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hc4t-becn-rkcc
4
url VCID-r1q4-2dq2-33ca
vulnerability_id VCID-r1q4-2dq2-33ca
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34980
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05391
published_at 2026-04-21T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08209
published_at 2026-04-18T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11495
published_at 2026-04-08T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.1162
published_at 2026-04-04T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.1141
published_at 2026-04-07T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12462
published_at 2026-04-09T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12431
published_at 2026-04-12T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12391
published_at 2026-04-13T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12291
published_at 2026-04-16T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12469
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34980
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454954
reference_id 2454954
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454954
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
reference_id GHSA-4852-v58g-6cwf
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34980
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca
5
url VCID-ry9y-z4e4-yfdh
vulnerability_id VCID-ry9y-z4e4-yfdh
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34990
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01453
published_at 2026-04-08T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01328
published_at 2026-04-18T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01448
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01672
published_at 2026-04-21T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02008
published_at 2026-04-13T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.01927
published_at 2026-04-04T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.01986
published_at 2026-04-16T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02044
published_at 2026-04-09T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02026
published_at 2026-04-11T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02012
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34990
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454947
reference_id 2454947
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454947
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
reference_id GHSA-c54j-2vqw-wpwp
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-06T18:51:42Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34990
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9y-z4e4-yfdh
6
url VCID-vgtp-sjtt-73e9
vulnerability_id VCID-vgtp-sjtt-73e9
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27447
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01562
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08917
published_at 2026-04-08T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08839
published_at 2026-04-07T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08908
published_at 2026-04-04T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09815
published_at 2026-04-09T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.09824
published_at 2026-04-11T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.09793
published_at 2026-04-12T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.09776
published_at 2026-04-13T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.0966
published_at 2026-04-16T12:55:00Z
9
value 0.00034
scoring_system epss
scoring_elements 0.09632
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454949
reference_id 2454949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454949
6
reference_url https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
reference_id 88516bf6d9e34cef7a64a704b856b837f70cd220
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/
url https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
7
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
reference_id GHSA-v987-m8hp-phj9
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
8
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-27447
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtp-sjtt-73e9
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1