EUVD-2026-18863
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
Lifecycle Timeline
4Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
Analysis
CUPS daemon (cupsd) versions 2.4.16 and earlier authenticate users via case-insensitive username comparison, allowing an authenticated high-privileged user to bypass authorization controls by submitting requests under a username that differs only in case from an authorized user, gaining access to restricted printing operations. No public exploit code has been identified, and patches were not available at the time of initial disclosure, though a upstream commit indicates a fix may have been prepared.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today