CVE-2026-27447
EUVD-2026-1886303.04.2026, 22:16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openprinting | cups | 𝑥 ≤ 2.4.16 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| cups |
| ||||||||||
| cups-client |
| ||||||||||
| cups-config |
| ||||||||||
| cups-ddk |
| ||||||||||
| cups-devel |
| ||||||||||
| cups-libs |
| ||||||||||
| cups-libs-32bit |
| ||||||||||
| libcups2 |
| ||||||||||
| libcups2-32bit |
| ||||||||||
| libcupscgi1 |
| ||||||||||
| libcupsimage2 |
| ||||||||||
| libcupsmime1 |
| ||||||||||
| libcupsppdc1 |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| cups |
| ||
| cups-client |
| ||
| cups-client-debuginfo |
| ||
| cups-debuginfo |
| ||
| cups-debugsource |
| ||
| cups-devel |
| ||
| cups-filesystem |
| ||
| cups-ipptool |
| ||
| cups-ipptool-debuginfo |
| ||
| cups-libs |
| ||
| cups-libs-debuginfo |
| ||
| cups-lpd |
| ||
| cups-lpd-debuginfo |
| ||
| cups-printerapp |
| ||
| cups-printerapp-debuginfo |
|