Cyber Resilience

CVE-2026-34980

MediumPublic PoC

Published: 03 April 2026

Published
03 April 2026
Modified
16 April 2026
KEV Added
Patch
CVSS Score v4 6.1 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 11.2th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34980 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Openprinting Cups. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-34980 is an improper input validation vulnerability (CWE-20) affecting OpenPrinting CUPS, an open source printing system for Linux and other Unix-like operating systems, in versions 2.4.16 and prior. The issue resides in network-exposed instances of cupsd configured with a shared target queue. An unauthorized client can submit a Print-Job to the shared PostScript queue without authentication. The server accepts a specially crafted page-border value supplied as textWithoutLanguage, which preserves an embedded newline through option escaping and reparse mechanisms. This causes the server to reparse the resulting second-line PPD text as a trusted scheduler control record.

Exploitation requires an attacker with adjacent network access (AV:A) and involves high attack complexity (AC:H), with no privileges (PR:N) or user interaction (UI:N) needed, yielding a CVSS v3.1 base score of 7.5 (High) due to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). A follow-up raw print job can then leverage the manipulated control to execute an attacker-chosen existing binary, such as /usr/bin/vim, running as the lp user.

The GitHub Security Advisory (GHSA-4852-v58g-6cwf) confirms that, at the time of publication on 2026-04-03, no publicly available patches exist for this vulnerability.

No real-world exploitation has been reported in available information.

EU & UK References

Vulnerability details

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript…

more

queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The vulnerability allows unauthenticated remote exploitation of the network-exposed CUPS service (T1190: Exploit Public-Facing Application) resulting in execution of attacker-chosen binaries as the lp user via the Unix environment (T1059.004: Unix Shell).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34990Same product: Openprinting Cups
CVE-2024-56133Shared CWE-20
CVE-2026-32604Shared CWE-20
CVE-2025-66259Shared CWE-20
CVE-2025-30452Shared CWE-20
CVE-2024-56131Shared CWE-20
CVE-2024-56135Shared CWE-20
CVE-2025-24499Shared CWE-20
CVE-2025-14558Shared CWE-20
CVE-2025-63213Shared CWE-20

Affected Assets

openprinting
cups
≤ 2.4.16

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation of the crafted page-border value containing embedded newlines that leads to reparsing as trusted scheduler controls.

prevent

Limits and authorizes specific actions like Print-Job submissions without identification or authentication on shared PostScript queues, preventing unauthorized exploitation.

prevent

Restricts system functionality by prohibiting or disabling unnecessary shared target queues and PostScript processing exposed to the network.

References