Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-r1q4-2dq2-33ca
Vulnerability ID VCID-r1q4-2dq2-33ca
Aliases CVE-2026-34980
Summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
Status Published
Exploitability 0.5
Weighted Severity 5.8
Risk 2.9
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-20 Improper Input Validation
System Score Found at
cvssv3 6.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.0002 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2026-34980
cvssv3.1 6.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4 6.1 https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
ssvc Track https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
https://api.first.org/data/v1/epss?cve=CVE-2026-34980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1132716 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
2454954 https://bugzilla.redhat.com/show_bug.cgi?id=2454954
GHSA-4852-v58g-6cwf https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
RHSA-2026:8814 https://access.redhat.com/errata/RHSA-2026:8814
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/ Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
Exploit Prediction Scoring System (EPSS)
Percentile 0.04853
EPSS Score 0.00018
Published At April 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-04T14:49:55.230303+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0