CVE-2026-34980
EUVD-2026-1888703.04.2026, 22:16
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openprinting | cups | 𝑥 ≤ 2.4.16 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| cups |
| ||||||||||||
| cups-client |
| ||||||||||||
| cups-config |
| ||||||||||||
| cups-ddk |
| ||||||||||||
| cups-devel |
| ||||||||||||
| cups-libs |
| ||||||||||||
| cups-libs-32bit |
| ||||||||||||
| libcups2 |
| ||||||||||||
| libcups2-32bit |
| ||||||||||||
| libcupscgi1 |
| ||||||||||||
| libcupsimage2 |
| ||||||||||||
| libcupsmime1 |
| ||||||||||||
| libcupsppdc1 |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| cups |
| ||||
| cups-client |
| ||||
| cups-client-debuginfo |
| ||||
| cups-debuginfo |
| ||||
| cups-debugsource |
| ||||
| cups-devel |
| ||||
| cups-filesystem |
| ||||
| cups-ipptool |
| ||||
| cups-ipptool-debuginfo |
| ||||
| cups-libs |
| ||||
| cups-libs-debuginfo |
| ||||
| cups-lpd |
| ||||
| cups-lpd-debuginfo |
| ||||
| cups-printerapp |
| ||||
| cups-printerapp-debuginfo |
|
Common Weakness Enumeration