Is J3p68a Firmware affected by CVE-2026-1997?

CVE-2026-1997 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-1997

MEDIUM

2026-02-10 [email protected]

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 18:16 nvd

MEDIUM 5.3

Tags

CSRF Hp J3p68a Firmware J6x78a Firmware T0g56a Firmware M9l67a Firmware K7s40a Firmware Y0s19a Firmware D9l20a Firmware K7s42a Firmware J6x80a Firmware J3p65a Firmware T0g46a Firmware D9l64a Firmware J6x79a Firmware Y0s18a Firmware G5j56a Firmware K7s32a Firmware J6x77a Firmware J3p67a Firmware K7s37a Firmware T0g70a Firmware K7s43a Firmware K7s39a Firmware K7s41a Firmware K7s38a Firmware D9l18a Firmware M9l66a Firmware J3p66a Firmware T0g65a Firmware L3t99a Firmware J6x76a Firmware J6x81a Firmware J6x83a Firmware T0g47a Firmware G5j38a Firmware M9l65a Firmware M9l70a Firmware T1p99a Firmware D9l21a Firmware D9l63a Firmware T0g49a Firmware T0g48a Firmware

Description

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

Analysis

HP OfficeJet Pro printers (D9l18a, D9l20a, D9l21a, D9l63a firmware) are vulnerable to information disclosure through CORS misconfiguration when administrators enable the feature on the Embedded Web Server. An unauthenticated remote attacker can exploit this to access sensitive device resources from untrusted web origins. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: 0

CVE-2026-1997 vulnerability details – vuln.today

Back

CVE-2026-1997

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code