Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gwcb-nhpk-2kca
Vulnerability ID VCID-gwcb-nhpk-2kca
Aliases CVE-2026-41079
Summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-125 Out-of-bounds Read
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2026-41079
cvssv3.1 3.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.3 https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080
ssvc Track https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080
cvssv3.1 4.3 https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737
ssvc Track https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737
cvssv3.1 4.3 https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv
ssvc Track https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-41079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
b7c2525a885f528d243c3a92197ca99609b3f080 https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080
d7fe0f521ff3b24676511e747b058362b9a20737 https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737
GHSA-6wpw-g8g6-wvrv https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/ Found at https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/ Found at https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/ Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv
Exploit Prediction Scoring System (EPSS)
Percentile 0.01624
EPSS Score 0.00012
Published At April 26, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-25T18:28:00.750748+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2026/41xxx/CVE-2026-41079.json 38.4.0