CVE-2026-1997

EUVD-2026-6735
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource.

CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
hpm9l65a_firmware
𝑥
< 001.2602a
hpd9l20a_firmware
𝑥
< 001.2602b
hpk7s32a_firmware
𝑥
< 001.2602b
hpd9l21a_firmware
𝑥
< 001.2602b
hpk7s42a_firmware
𝑥
< 001.2602b
hpt0g65a_firmware
𝑥
< 001.2602b
hpk7s39a_firmware
𝑥
< 001.2602b
hpj6x83a_firmware
𝑥
< 001.2602b
hpk7s43a_firmware
𝑥
< 001.2602b
hpk7s40a_firmware
𝑥
< 001.2602b
hpk7s41a_firmware
𝑥
< 001.2602b
hpt0g56a_firmware
𝑥
< 001.2602b
hpd9l63a_firmware
𝑥
< 001.2602b
hpd9l64a_firmware
𝑥
< 001.2602b
hpj3p65a_firmware
𝑥
< 001.2602b
hpj3p66a_firmware
𝑥
< 001.2602b
hpj3p67a_firmware
𝑥
< 001.2602b
hpj3p68a_firmware
𝑥
< 001.2602b
hpt0g70a_firmware
𝑥
< 001.2602b
hpg5j38a_firmware
𝑥
< 001.2602a
hpt1p99a_firmware
𝑥
< 001.2602a
hpl3t99a_firmware
𝑥
< 001.2602a
hpy0s19a_firmware
𝑥
< 001.2602a
hpg5j56a_firmware
𝑥
< 001.2602a
hpy0s18a_firmware
𝑥
< 001.2602a
hpd9l18a_firmware
𝑥
< 001.2602a
hpm9l66a_firmware
𝑥
< 001.2602a
hpm9l67a_firmware
𝑥
< 001.2602a
hpt0g46a_firmware
𝑥
< 001.2602a
hpj6x76a_firmware
𝑥
< 001.2602a
hpj6x78a_firmware
𝑥
< 001.2602a
hpj6x80a_firmware
𝑥
< 001.2602a
hpk7s37a_firmware
𝑥
< 001.2602a
hpm9l70a_firmware
𝑥
< 001.2602a
hpj6x77a_firmware
𝑥
< 001.2602a
hpj6x81a_firmware
𝑥
< 001.2602a
hpj6x79a_firmware
𝑥
< 001.2602a
hpk7s38a_firmware
𝑥
< 001.2602a
hpt0g47a_firmware
𝑥
< 001.2602a
hpt0g48a_firmware
𝑥
< 001.2602a
hpt0g49a_firmware
𝑥
< 001.2602a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hp.com/us-en/document/ish_14051823-14051849-16/hpsbpi04086