Skip to main content

Red Hat CVE-2026-34980

| EUVDEUVD-2026-18887 MEDIUM
Improper Input Validation (CWE-20)
2026-04-03 GitHub_M
6.1
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.1 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat
6.4 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 03, 2026 - 21:30 euvd
EUVD-2026-18887
Analysis Generated
Apr 03, 2026 - 21:30 vuln.today
CVE Published
Apr 03, 2026 - 21:18 nvd
MEDIUM 6.1

DescriptionGitHub Advisory

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.

AnalysisAI

Unauthenticated remote code execution in OpenPrinting CUPS 2.4.16 and earlier allows attackers to send print jobs to shared PostScript queues without authentication, exploit a newline injection vulnerability in page-border parameter handling, and execute arbitrary binaries as the lp user by chaining a follow-up raw print job. CISA KEV status and active exploitation confirmation not provided; no publicly available patches identified at publication.

Technical ContextAI

OpenPrinting CUPS is the standard printing system for Linux and Unix-like environments, exposing cupsd (the CUPS daemon) as a network service. The vulnerability chain involves CWE-20 (Improper Input Validation): the server accepts a page-border value as textWithoutLanguage, fails to sanitize embedded newline characters, and during option escaping and reparse, treats the second line as a trusted PPD (PostScript Printer Description) scheduler control record. This allows injection of scheduler directives that, combined with a follow-up raw print job, can execute attacker-controlled binaries with lp user privileges. The attack exploits the trust model where PPD directives are interpreted as system commands.

RemediationAI

No vendor-released patch identified at time of analysis. Users should immediately disable network exposure of cupsd or restrict access to Print-Job submission endpoints to authenticated clients only, pending patch availability. Implement network-level access controls (firewall rules) to limit cupsd exposure to trusted subnets, disable shared queue functionality if not required, and monitor cupsd logs for unauthorized Print-Job submissions without authentication. Consult the OpenPrinting CUPS security advisory (https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf) for updates on patch availability and recommended upgrade versions once released.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed

Share

CVE-2026-34980 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy