CVE-2026-34990

EUVD-2026-18889

03.04.2026, 22:16

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
openprinting	cups	𝑥 ≤ 2.4.16

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cups

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	2.4.18-1 fixed
sid	2.4.18-1 fixed
trixie	no-dsa
trixie (security)	vulnerable

openSUSE / SLES Releases

openSUSE Product

Release

cups

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 12 SP3	1.7.5-20.62.1 fixed
suse enterprise server 12 SP5	1.7.5-20.62.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

cups-client

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 12 SP3	1.7.5-20.62.1 fixed
suse enterprise server 12 SP5	1.7.5-20.62.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

cups-config

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

cups-ddk

suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed

cups-devel

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 12 SP5	1.7.5-20.62.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

cups-libs

suse enterprise server 12 SP3	1.7.5-20.62.1 fixed
suse enterprise server 12 SP5	1.7.5-20.62.1 fixed

cups-libs-32bit

suse enterprise server 12 SP3	1.7.5-20.62.1 fixed
suse enterprise server 12 SP5	1.7.5-20.62.1 fixed

libcups2

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

libcups2-32bit

suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed

libcupscgi1

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

libcupsimage2

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

libcupsmime1

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

libcupsppdc1

suse enterprise desktop 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise sap 15 SP7	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP4	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP5	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP6	2.2.7-150000.3.86.1 fixed
suse enterprise server 15 SP7	2.2.7-150000.3.86.1 fixed

Known Exploits!

https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp