{"url":"http://public2.vulnerablecode.io/api/packages/584494?format=json","purl":"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9","type":"deb","namespace":"debian","name":"cups","version":"2.4.2-3+deb12u9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.18-1","latest_non_vulnerable_version":"2.4.18-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349655?format=json","vulnerability_id":"VCID-63fa-a4pr-wqh3","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34978","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18102","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18019","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18317","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22859","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2278","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22733","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22692","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2252","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22522","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23991","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2384","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23922","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716","reference_id":"1132716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454957","reference_id":"2454957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454957"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr","reference_id":"GHSA-f53q-7mxp-9gcr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-34978"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350476?format=json","vulnerability_id":"VCID-b1yf-xuc1-ykak","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39314","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02187","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02209","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03689","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03692","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03695","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03717","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03682","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04573","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04205","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04174","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184","reference_id":"1133184","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456107","reference_id":"2456107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-39314"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1yf-xuc1-ykak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350477?format=json","vulnerability_id":"VCID-dx89-e1nn-w7gz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39316","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03075","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03159","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03185","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03059","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03144","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03118","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03041","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0303","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03038","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02925","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03796","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05266","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05318","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-39316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183","reference_id":"1133183","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456120","reference_id":"2456120","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456120"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg","reference_id":"GHSA-pjv5-prqp-46rg","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:41:44Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-39316"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx89-e1nn-w7gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354433?format=json","vulnerability_id":"VCID-gwcb-nhpk-2kca","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41079.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41079","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01624","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01625","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03056","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0302","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02999","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461611","reference_id":"2461611","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461611"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080","reference_id":"b7c2525a885f528d243c3a92197ca99609b3f080","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737","reference_id":"d7fe0f521ff3b24676511e747b058362b9a20737","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv","reference_id":"GHSA-6wpw-g8g6-wvrv","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-25T01:47:25Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-41079"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwcb-nhpk-2kca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349656?format=json","vulnerability_id":"VCID-hc4t-becn-rkcc","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34979","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11845","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11719","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15851","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15775","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15979","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16232","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16081","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16195","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16123","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17592","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17403","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17495","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34979"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716","reference_id":"1132716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454946","reference_id":"2454946","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454946"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh","reference_id":"GHSA-6qxf-7jx6-86fh","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:19:03Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-34979"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hc4t-becn-rkcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66419?format=json","vulnerability_id":"VCID-jy1y-e1nk-p3b4","summary":"CUPS: Local denial-of-service via cupsd.conf update and related issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61915","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09405","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09474","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09318","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09817","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.0986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09727","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09848","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09867","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09766","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14829","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416039","reference_id":"2416039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416039"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0","reference_id":"db8d560262c22a21ee1e55dfd62fa98d9359bcb0","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc","reference_id":"GHSA-hxm8-vfpq-jrfc","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0312","reference_id":"RHSA-2026:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0464","reference_id":"RHSA-2026:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0596","reference_id":"RHSA-2026:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0596"},{"reference_url":"https://usn.ubuntu.com/7897-1/","reference_id":"USN-7897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7897-1/"},{"reference_url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15","reference_id":"v2.4.15","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/"}],"url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584496?format=json","purl":"pkg:deb/debian/cups@2.4.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1"}],"aliases":["CVE-2025-61915"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jy1y-e1nk-p3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349657?format=json","vulnerability_id":"VCID-r1q4-2dq2-33ca","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34980","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04853","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05391","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06241","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06427","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06292","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06318","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1141","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1162","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12469","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12291","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716","reference_id":"1132716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454954","reference_id":"2454954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454954"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf","reference_id":"GHSA-4852-v58g-6cwf","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-34980"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349658?format=json","vulnerability_id":"VCID-ry9y-z4e4-yfdh","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34990","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01328","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01448","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01705","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01678","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01682","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01672","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02044","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02026","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02012","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02008","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01986","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02492","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02438","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02453","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716","reference_id":"1132716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454947","reference_id":"2454947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454947"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp","reference_id":"GHSA-c54j-2vqw-wpwp","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-06T18:51:42Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-34990"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9y-z4e4-yfdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349638?format=json","vulnerability_id":"VCID-vgtp-sjtt-73e9","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27447","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01803","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02695","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02639","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02657","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08908","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08839","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09793","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09776","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09632","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.0966","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09824","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716","reference_id":"1132716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454949","reference_id":"2454949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454949"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220","reference_id":"88516bf6d9e34cef7a64a704b856b837f70cd220","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9","reference_id":"GHSA-v987-m8hp-phj9","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1072932?format=json","purl":"pkg:deb/debian/cups@2.4.17-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"}],"aliases":["CVE-2026-27447"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtp-sjtt-73e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66418?format=json","vulnerability_id":"VCID-wr17-e776-bqh1","summary":"cups: Slow client communication leads to a possible DoS attack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58436","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05319","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05361","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05317","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05582","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08227","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08213","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0829","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0827","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08144","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0813","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08266","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08216","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08281","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08299","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416040","reference_id":"2416040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416040"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4","reference_id":"40008d76a001babbb9beb9d9d74b01a86fb6ddb4","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr","reference_id":"GHSA-8wpw-vfgm-qrrr","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0312","reference_id":"RHSA-2026:0312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0464","reference_id":"RHSA-2026:0464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0596","reference_id":"RHSA-2026:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"},{"reference_url":"https://usn.ubuntu.com/7912-1/","reference_id":"USN-7912-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7912-1/"},{"reference_url":"https://usn.ubuntu.com/7912-2/","reference_id":"USN-7912-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7912-2/"},{"reference_url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15","reference_id":"v2.4.15","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/"}],"url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584496?format=json","purl":"pkg:deb/debian/cups@2.4.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1"}],"aliases":["CVE-2025-58436"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wr17-e776-bqh1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68013?format=json","vulnerability_id":"VCID-3etj-2m21-ffa1","summary":"cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58364","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.2918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.30003","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31552","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32388","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32436","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32463","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32402","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32439","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32857","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32735","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32774","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32781","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32668","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32875","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393078","reference_id":"2393078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393078"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d","reference_id":"e58cba9d6fceed4242980e51dbd1302cf638ab1d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4","reference_id":"GHSA-7qx3-r744-6qv4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-11T17:37:26Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15700","reference_id":"RHSA-2025:15700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15701","reference_id":"RHSA-2025:15701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16590","reference_id":"RHSA-2025:16590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16591","reference_id":"RHSA-2025:16591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16592","reference_id":"RHSA-2025:16592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22063","reference_id":"RHSA-2025:22063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"},{"reference_url":"https://usn.ubuntu.com/7745-1/","reference_id":"USN-7745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584494?format=json","purl":"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9"}],"aliases":["CVE-2025-58364"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3etj-2m21-ffa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68012?format=json","vulnerability_id":"VCID-993k-m3sq-gufu","summary":"cups: Authentication Bypass in CUPS Authorization Handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58060","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1637","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16323","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16279","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16147","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16263","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16411","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16496","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16551","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16532","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16494","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16376","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16433","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58060"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392595","reference_id":"2392595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392595"},{"reference_url":"https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221","reference_id":"595d691075b1d396d2edfaa0a8fd0873a0a1f221","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/"}],"url":"https://github.com/OpenPrinting/cups/commit/595d691075b1d396d2edfaa0a8fd0873a0a1f221"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq","reference_id":"GHSA-4c68-qgrh-rmmq","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-11T17:33:32Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15700","reference_id":"RHSA-2025:15700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15701","reference_id":"RHSA-2025:15701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15702","reference_id":"RHSA-2025:15702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16590","reference_id":"RHSA-2025:16590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16591","reference_id":"RHSA-2025:16591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16592","reference_id":"RHSA-2025:16592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17049","reference_id":"RHSA-2025:17049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17054","reference_id":"RHSA-2025:17054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17141","reference_id":"RHSA-2025:17141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17144","reference_id":"RHSA-2025:17144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17164","reference_id":"RHSA-2025:17164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"},{"reference_url":"https://usn.ubuntu.com/7745-1/","reference_id":"USN-7745-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7745-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584494?format=json","purl":"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9"}],"aliases":["CVE-2025-58060"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-993k-m3sq-gufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73815?format=json","vulnerability_id":"VCID-am36-6m5v-fkba","summary":"cups: libppd: remote command injection via attacker controlled data in PPD file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47175","reference_id":"","reference_type":"","scores":[{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96934","published_at":"2026-05-09T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96878","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96883","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96891","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-04-18T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96919","published_at":"2026-04-29T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96923","published_at":"2026-05-05T12:55:00Z"},{"value":"0.33103","scoring_system":"epss","scoring_elements":"0.96927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.33659","scoring_system":"epss","scoring_elements":"0.96918","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33659","scoring_system":"epss","scoring_elements":"0.96955","published_at":"2026-04-24T12:55:00Z"},{"value":"0.33659","scoring_system":"epss","scoring_elements":"0.96957","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47175"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47175"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314256","reference_id":"2314256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2314256"},{"reference_url":"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I","reference_id":"Attacking-UNIX-systems-via-CUPS-Part-I","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/"}],"url":"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"},{"reference_url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6","reference_id":"GHSA-7xfx-47qg-grp6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/"}],"url":"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"},{"reference_url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47","reference_id":"GHSA-p9rh-jxmq-gq47","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/"}],"url":"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"},{"reference_url":"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8","reference_id":"GHSA-rj88-6mr5-rcw8","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/"}],"url":"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"},{"reference_url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5","reference_id":"GHSA-w63j-6g73-wmg5","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/"}],"url":"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7346","reference_id":"RHSA-2024:7346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7461","reference_id":"RHSA-2024:7461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7462","reference_id":"RHSA-2024:7462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7463","reference_id":"RHSA-2024:7463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7503","reference_id":"RHSA-2024:7503","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7504","reference_id":"RHSA-2024:7504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7506","reference_id":"RHSA-2024:7506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7551","reference_id":"RHSA-2024:7551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7553","reference_id":"RHSA-2024:7553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7623","reference_id":"RHSA-2024:7623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9470","reference_id":"RHSA-2024:9470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0083","reference_id":"RHSA-2025:0083","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0083"},{"reference_url":"https://usn.ubuntu.com/7041-1/","reference_id":"USN-7041-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7041-1/"},{"reference_url":"https://usn.ubuntu.com/7041-2/","reference_id":"USN-7041-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7041-2/"},{"reference_url":"https://usn.ubuntu.com/7041-3/","reference_id":"USN-7041-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7041-3/"},{"reference_url":"https://usn.ubuntu.com/7045-1/","reference_id":"USN-7045-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7045-1/"},{"reference_url":"https://www.cups.org","reference_id":"www.cups.org","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-27T14:43:04Z/"}],"url":"https://www.cups.org"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584494?format=json","purl":"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9"}],"aliases":["CVE-2024-47175"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am36-6m5v-fkba"}],"risk_score":"3.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9"}