Which versions of Red Hat are affected by CVE-2026-8632?

HP Linux Imaging and Printing Software (HPLIP) contains a local privilege escalation vulnerability (CVE-2026-8632, CVSS 8.5) exploitable by authenticated low-privileged users to execute arbitrary…. A patch is available.

How to fix or mitigate CVE-2026-8632?

24 hours: Enumerate all systems running HPLIP and classify by user access patterns (single-admin vs. multi-user); restrict new unprivileged account creation on affected systems and audit existing user privileges. 7 days: Deploy SELinux or AppArmor profiles limiting HPLIP process capabilities; disable HPLIP on non-production and single-function systems; enable auditd/EDR monitoring for privilege escalation attempts. 30 days: Monitor HP PSIRT advisory hpsbpi04118 for patch release; evaluate alternative print management solutions (CUPS hardening, dedicated print servers); conduct security testing on mitigations before production deployment.

Red Hat CVE-2026-8632

Q: What is the CVSS score of CVE-2026-8632?

CVE-2026-8632 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-31194 HIGH

Command Injection (CWE-77)

2026-05-20 hp-security-alert@hp.com

GHSA-w45w-c9pr-p65f

RCE Command Injection Red Hat HP Suse

8.5

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 20, 2026 - 22:02 EUVD

Analysis Generated

May 20, 2026 - 21:30 vuln.today

DescriptionNVD

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

AnalysisAI

Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. …

RemediationAI

24 hours: Enumerate all systems running HPLIP and classify by user access patterns (single-admin vs. multi-user); restrict new unprivileged account creation on affected systems and audit existing user privileges. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory