CVE-2026-27447
MEDIUM EPSS 23.4%
Published Apr 3, 20262mo ago · Modified Jun 17, 20261w ago
6.3 CVSS 3.1
Published Apr 3, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
23.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-863 Incorrect Authorization Authorization
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openprinting | cups | * | ≤2.4.16 |
References 2
- github.com https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
- github.com https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
Remediation
- github.com https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220