Skip to main content

OpenPrinting CUPS CVE-2026-41079

| EUVDEUVD-2026-25574 MEDIUM
Out-of-bounds Read (CWE-125)
2026-04-24 security-advisories@github.com
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
4.3 LOW
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

6
Patch released
Apr 27, 2026 - 13:40 nvd
Patch available
Patch available
Apr 24, 2026 - 18:01 EUVD
Analysis Generated
Apr 24, 2026 - 17:32 vuln.today
EUVD ID Assigned
Apr 24, 2026 - 17:22 euvd
EUVD-2026-25574
Analysis Generated
Apr 24, 2026 - 17:22 vuln.today
CVE Published
Apr 24, 2026 - 17:16 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.

AnalysisAI

OpenPrinting CUPS before version 2.4.17 allows network-adjacent attackers to read up to 176 bytes of stack memory via a crafted SNMP response sent to the CUPS SNMP backend, with leaked data visible to authenticated users through IPP Get-Printer-Attributes responses and the web interface. The vulnerability requires adjacency on the network but no authentication, making it a low-severity information disclosure risk in environments where SNMP-enabled printers are accessible from untrusted networks.

Technical ContextAI

CUPS includes an SNMP backend that queries network printers for supply and status information using SNMP protocol. The vulnerability is a classic out-of-bounds read (CWE-125) in the SNMP response parser, where insufficient bounds checking during UTF-16 to UTF-8 conversion of SNMP response fields allows reading beyond allocated stack buffer boundaries. The leaked bytes are then stored as printer supply description strings and exposed via IPP (Internet Printing Protocol) Get-Printer-Attributes responses, which authenticated users can query. This affects CUPS' network printer discovery and monitoring functionality, which relies on SNMP to gather supply levels and device attributes from network-attached devices.

RemediationAI

Upgrade CUPS to version 2.4.17 or later; this is the vendor-released patch and is the definitive fix. For systems unable to upgrade immediately, disable or restrict SNMP backend functionality by editing the CUPS configuration to remove SNMP from the list of supported device discovery backends, or use firewall rules to block inbound SNMP traffic (UDP port 161) at the network perimeter. Restricting SNMP access to trusted administrative networks only is a practical interim measure that preserves printer discovery functionality while eliminating the attack vector. Note that disabling SNMP will prevent automatic supply-level monitoring and network printer discovery, requiring manual configuration of printers instead. The GitHub security advisory at https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv contains patch commit hashes (b7c2525a and d7fe0f52) for verification and detailed remediation guidance.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed
SUSE Linux Enterprise Micro 5.4 Fixed

Share

CVE-2026-41079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy