VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-63fa-a4pr-wqh3

Essentials
Severities (17)
References (8)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-63fa-a4pr-wqh3
Aliases	CVE-2026-34978
Summary	OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2026-34978
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
ssvc	Track	https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-34978
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1132716		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
2454957		https://bugzilla.redhat.com/show_bug.cgi?id=2454957
GHSA-f53q-7mxp-9gcr		https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
RHSA-2026:8814		https://access.redhat.com/errata/RHSA-2026:8814

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/ Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr

Exploit Prediction Scoring System (EPSS)

Percentile	0.18317
EPSS Score	0.00058
Published At	April 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-04T14:49:55.199735+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0