Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-vgtp-sjtt-73e9
Vulnerability ID VCID-vgtp-sjtt-73e9
Aliases CVE-2026-27447
Summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
Status Published
Exploitability 0.5
Weighted Severity 5.8
Risk 2.9
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-178 Improper Handling of Case Sensitivity
CWE-863 Incorrect Authorization
System Score Found at
cvssv3 6.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00012 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2026-27447
cvssv3.1 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.8 https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
ssvc Track https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
cvssv3.1 4.8 https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
ssvc Track https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
https://api.first.org/data/v1/epss?cve=CVE-2026-27447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1132716 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
2454949 https://bugzilla.redhat.com/show_bug.cgi?id=2454949
88516bf6d9e34cef7a64a704b856b837f70cd220 https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
GHSA-v987-m8hp-phj9 https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
RHSA-2026:8814 https://access.redhat.com/errata/RHSA-2026:8814
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N Found at https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/ Found at https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/ Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
Exploit Prediction Scoring System (EPSS)
Percentile 0.01562
EPSS Score 0.00012
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-04T14:49:54.342740+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0