{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349655?format=json","vulnerability_id":"VCID-63fa-a4pr-wqh3","summary":"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.","aliases":[{"alias":"CVE-2026-34978"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077569?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081638?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=loongarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088392?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=ppc64le&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=ppc64le&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088396?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86_64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088399?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armv7&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armv7&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088400?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=loongarch64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=loongarch64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077566?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=ppc64le&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=ppc64le&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077568?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=s390x&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=s390x&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077570?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86_64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86_64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081635?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=aarch64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=aarch64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081637?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armv7&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armv7&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081641?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=s390x&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=s390x&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081642?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081643?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86_64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86_64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088390?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armv7&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armv7&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088397?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=aarch64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=aarch64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088507?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armv7&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armv7&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081636?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armhf&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armhf&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088402?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=riscv64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=riscv64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088405?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86_64&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86_64&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077562?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=aarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=aarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077563?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armhf&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armhf&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077567?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=riscv64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=riscv64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077565?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=loongarch64&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=loongarch64&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081639?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=ppc64le&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1081640?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=riscv64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=riscv64&distroversion=v3.23&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1077564?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armv7&distroversion=edge&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armv7&distroversion=edge&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088391?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=loongarch64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=loongarch64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088401?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=ppc64le&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=ppc64le&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088510?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=s390x&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=s390x&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088512?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86_64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86_64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088388?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=aarch64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=aarch64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088389?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armhf&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armhf&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088393?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088394?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=s390x&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=s390x&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088398?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armhf&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armhf&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088403?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=s390x&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=s390x&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088404?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86&distroversion=v3.22&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86&distroversion=v3.22&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088505?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=aarch64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=aarch64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088506?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=armhf&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=armhf&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088508?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=ppc64le&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=ppc64le&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088509?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=riscv64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=riscv64&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088511?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86&distroversion=v3.20&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1088395?format=json","purl":"pkg:apk/alpine/cups@2.4.18-r0?arch=x86&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cups@2.4.18-r0%3Farch=x86&distroversion=v3.21&reponame=main"},{"url":"http://public2.vulnerablecode.io/api/packages/1072608?format=json","purl":"pkg:deb/debian/cups@2.4.17-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081972?format=json","purl":"pkg:deb/debian/cups@2.4.18-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1081509?format=json","purl":"pkg:deb/debian/cups@2.4.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.18-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582113?format=json","purl":"pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584493?format=json","purl":"pkg:deb/debian/cups@2.3.3op2-3%2Bdeb11u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3etj-2m21-ffa1"},{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-993k-m3sq-gufu"},{"vulnerability":"VCID-am36-6m5v-fkba"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.3.3op2-3%252Bdeb11u8"},{"url":"http://public2.vulnerablecode.io/api/packages/582114?format=json","purl":"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584494?format=json","purl":"pkg:deb/debian/cups@2.4.2-3%2Bdeb12u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.2-3%252Bdeb12u9"},{"url":"http://public2.vulnerablecode.io/api/packages/582115?format=json","purl":"pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584495?format=json","purl":"pkg:deb/debian/cups@2.4.10-3%2Bdeb13u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-jy1y-e1nk-p3b4"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.10-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/582116?format=json","purl":"pkg:deb/debian/cups@2.4.16-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584496?format=json","purl":"pkg:deb/debian/cups@2.4.16-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-gwcb-nhpk-2kca"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1072985?format=json","purl":"pkg:rpm/redhat/cups-main@2.4.17-1?arch=hum1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3etj-2m21-ffa1"},{"vulnerability":"VCID-63fa-a4pr-wqh3"},{"vulnerability":"VCID-6qd1-jvb8-jqak"},{"vulnerability":"VCID-7xq5-z572-xub3"},{"vulnerability":"VCID-993k-m3sq-gufu"},{"vulnerability":"VCID-b1yf-xuc1-ykak"},{"vulnerability":"VCID-dx89-e1nn-w7gz"},{"vulnerability":"VCID-hc4t-becn-rkcc"},{"vulnerability":"VCID-r1q4-2dq2-33ca"},{"vulnerability":"VCID-ry9y-z4e4-yfdh"},{"vulnerability":"VCID-vgtp-sjtt-73e9"},{"vulnerability":"VCID-wr17-e776-bqh1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups-main@2.4.17-1%3Farch=hum1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34978","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18102","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18019","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18317","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22859","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22765","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2278","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22733","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22531","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22692","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22522","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2252","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22838","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23991","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24042","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23953","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2384","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23922","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.23935","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29349","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29341","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716","reference_id":"1132716","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454957","reference_id":"2454957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454957"},{"reference_url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr","reference_id":"GHSA-f53q-7mxp-9gcr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/"}],"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8814","reference_id":"RHSA-2026:8814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8814"}],"weaknesses":[{"cwe_id":22,"name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory."}],"exploits":[],"severity_range_score":"6.5 - 6.5","exploitability":"0.5","weighted_severity":"5.9","risk_score":3.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3"}