Skip to main content

Papercut Ng Mf

3 CVEs product

Monthly

CVE-2026-6418 MEDIUM PATCH This Month

PaperCut MF version 25.0.4 allows authenticated administrators to read arbitrary files on the server through insufficient path validation in the Shared Account Synchronization component, exposing sensitive configuration and system files via the account management interface. The vulnerability requires administrative privileges and attack complexity involves timing (AT:P), limiting real-world exploitation scope despite network accessibility.

Information Disclosure Papercut Ng Mf
NVD VulDB
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-5115 LOW PATCH Monitor

PaperCut NG/MF embedded application on Konica Minolta multifunction devices transmits sensitive session data over an insecure communication channel, enabling session hijacking and potential credential theft or phishing attacks against end users. The vulnerability affects all versions of the embedded application and was discovered internally by PaperCut; no public exploit code or active exploitation has been confirmed at this time.

Information Disclosure Papercut Ng Mf
NVD
CVSS 4.0
3.6
EPSS
0.0%
CVE-2026-4794 LOW PATCH Monitor

Stored cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF versions before 25.0.10 allow authenticated administrator users to inject malicious scripts via multiple UI fields, potentially compromising other administrators' sessions and enabling unauthorized actions within the administrator context. The vulnerability requires valid administrator credentials and an active login session to exploit, limiting exposure to trusted administrative users but creating significant insider risk.

XSS Papercut Ng Mf
NVD
CVSS 4.0
2.1
EPSS
0.0%
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

PaperCut MF version 25.0.4 allows authenticated administrators to read arbitrary files on the server through insufficient path validation in the Shared Account Synchronization component, exposing sensitive configuration and system files via the account management interface. The vulnerability requires administrative privileges and attack complexity involves timing (AT:P), limiting real-world exploitation scope despite network accessibility.

Information Disclosure Papercut Ng Mf
NVD VulDB
EPSS 0% CVSS 3.6
LOW PATCH Monitor

PaperCut NG/MF embedded application on Konica Minolta multifunction devices transmits sensitive session data over an insecure communication channel, enabling session hijacking and potential credential theft or phishing attacks against end users. The vulnerability affects all versions of the embedded application and was discovered internally by PaperCut; no public exploit code or active exploitation has been confirmed at this time.

Information Disclosure Papercut Ng Mf
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Stored cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF versions before 25.0.10 allow authenticated administrator users to inject malicious scripts via multiple UI fields, potentially compromising other administrators' sessions and enabling unauthorized actions within the administrator context. The vulnerability requires valid administrator credentials and an active login session to exploit, limiting exposure to trusted administrative users but creating significant insider risk.

XSS Papercut Ng Mf
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy