HPLIP CVE-2026-14544

EUVD: EUVD-2026-41515 · CRITICAL
Integer Overflow or Wraparound (CWE-190)
2026-07-03 · redhat · GHSA-vwpr-fv2p-8c56
CVSS 3.1 (NVD): 9.8
Severity by source

Vendor (redhat), PRIMARY: CRITICAL (qualitative)
NVD: 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
vuln.today AI: 9.8 CRITICAL

Kept AV:N/PR:N because a network-exposed CUPS queue can accept crafted jobs unauthenticated, and code execution in the filter yields full C/I/A impact; AV:N is the worst-case and assumes network printing is enabled.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jul 03, 2026 - 08:21 (vuln.today)
CVE Published: Jul 03, 2026 - 07:26 (nvd), CRITICAL 9.8

Description (NVD)

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

Analysis (AI)

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach network-exposed CUPS queue
Delivery: Submit crafted HP print job
Exploit: Overflow integer in hpcups parser
Execution: Corrupt filter process memory
Impact: Execute code as filter user

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that a specially crafted print job reach the hpcups filter - i.e., a CUPS print queue configured with the HPLIP/hpcups driver for an HP device must process the attacker's raster/print data. …

Risk Assessment: The signals are partially conflicting and should be weighed rather than taken at face value. …

Exploit Scenario: An attacker crafts a malicious print job whose raster/print data contains size fields engineered to trigger the integer overflow in hpcups, then submits it to a CUPS queue that uses the HPLIP driver - either directly on a shared/network-exposed print server or by luring a user to print attacker-supplied content. When hpcups processes the job, the overflow corrupts memory in the filter process, potentially yielding code execution in the print filter's context. …

Remediation: No exact fixed HPLIP version is present in the provided data, so treat patch status as: patch tracked per vendor advisory but released fixed version not independently confirmed - monitor https://access.redhat.com/security/cve/CVE-2026-14544 and apply the HPLIP errata update for your RHEL release as soon as it is published, prioritizing this because the prior fix (CVE-2026-8631) was incomplete. …

Recommended Action (AI)

Within 24 hours: Inventory all RHEL systems (versions 6, 7, 8, 9, 10) running HPLIP and identify network-exposed CUPS instances; disable CUPS daemon where operationally unnecessary. …
