CVE-2026-1997

MEDIUM EPSS 9.8%

Published Feb 10, 20264mo ago · Modified Feb 12, 20264mo ago

6.9 CVSS 4.0

Medium

Published Feb 10, 2026 4mo ago

Last Modified Feb 12, 2026 4mo ago

Description

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

CVSS Details

Base Score

6.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

9.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-346

Affected Products 82

Vendor	Product	Version	Range
hp	m9l65a_firmware	*	<001.2602a
hp	m9l65a	*	any
hp	d9l20a_firmware	*	<001.2602b
hp	d9l20a	*	any
hp	k7s32a_firmware	*	<001.2602b
hp	k7s32a	*	any
hp	d9l21a_firmware	*	<001.2602b
hp	d9l21a	*	any
hp	k7s42a_firmware	*	<001.2602b
hp	k7s42a	*	any
hp	t0g65a_firmware	*	<001.2602b
hp	t0g65a	*	any
hp	k7s39a_firmware	*	<001.2602b
hp	k7s39a	*	any
hp	j6x83a_firmware	*	<001.2602b
hp	j6x83a	*	any
hp	k7s43a_firmware	*	<001.2602b
hp	k7s43a	*	any
hp	k7s40a_firmware	*	<001.2602b
hp	k7s40a	*	any
hp	k7s41a_firmware	*	<001.2602b
hp	k7s41a	*	any
hp	t0g56a_firmware	*	<001.2602b
hp	t0g56a	*	any
hp	d9l63a_firmware	*	<001.2602b
hp	d9l63a	*	any
hp	d9l64a_firmware	*	<001.2602b
hp	d9l64a	*	any
hp	j3p65a_firmware	*	<001.2602b
hp	j3p65a	*	any
hp	j3p66a_firmware	*	<001.2602b
hp	j3p66a	*	any
hp	j3p67a_firmware	*	<001.2602b
hp	j3p67a	*	any
hp	j3p68a_firmware	*	<001.2602b
hp	j3p68a	*	any
hp	t0g70a_firmware	*	<001.2602b
hp	t0g70a	*	any
hp	g5j38a_firmware	*	<001.2602a
hp	g5j38a	*	any
hp	t1p99a_firmware	*	<001.2602a
hp	t1p99a	*	any
hp	l3t99a_firmware	*	<001.2602a
hp	l3t99a	*	any
hp	y0s19a_firmware	*	<001.2602a
hp	y0s19a	*	any
hp	g5j56a_firmware	*	<001.2602a
hp	g5j56a	*	any
hp	y0s18a_firmware	*	<001.2602a
hp	y0s18a	*	any
hp	d9l18a_firmware	*	<001.2602a
hp	d9l18a	*	any
hp	m9l66a_firmware	*	<001.2602a
hp	m9l66a	*	any
hp	m9l67a_firmware	*	<001.2602a
hp	m9l67a	*	any
hp	t0g46a_firmware	*	<001.2602a
hp	t0g46a	*	any
hp	j6x76a_firmware	*	<001.2602a
hp	j6x76a	*	any
hp	j6x78a_firmware	*	<001.2602a
hp	j6x78a	*	any
hp	j6x80a_firmware	*	<001.2602a
hp	j6x80a	*	any
hp	k7s37a_firmware	*	<001.2602a
hp	k7s37a	*	any
hp	m9l70a_firmware	*	<001.2602a
hp	m9l70a	*	any
hp	j6x77a_firmware	*	<001.2602a
hp	j6x77a	*	any
hp	j6x81a_firmware	*	<001.2602a
hp	j6x81a	*	any
hp	j6x79a_firmware	*	<001.2602a
hp	j6x79a	*	any
hp	k7s38a_firmware	*	<001.2602a
hp	k7s38a	*	any
hp	t0g47a_firmware	*	<001.2602a
hp	t0g47a	*	any
hp	t0g48a_firmware	*	<001.2602a
hp	t0g48a	*	any
hp	t0g49a_firmware	*	<001.2602a
hp	t0g49a	*	any

References 1

support.hp.com https://support.hp.com/us-en/document/ish_14051823-14051849-16/hpsbpi04086

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.