CVE-2026-5115
Published: 31 March 2026
Summary
CVE-2026-5115 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Papercut Papercut Mf. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-23 (Session Authenticity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates confidentiality and integrity protections for transmitted information, directly preventing leakage of sensitive data over the insecure communication channel between the embedded application and server.
Protects the authenticity of communication sessions, mitigating session hijacking enabled by intercepted sensitive data from the cleartext channel.
Requires cryptographic mechanisms to protect the confidentiality and integrity of communications, addressing the core cleartext transmission flaw (CWE-319).
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure communication channel with cleartext sensitive data leakage (CWE-319) directly enables network sniffing of traffic (T1040) and adversary-in-the-middle positioning to intercept/hijack sessions or steal data (T1557).
NVD Description
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered…
more
that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
Deeper analysisAI
CVE-2026-5115 is a session hijacking vulnerability in the PaperCut NG/MF Embedded application, specifically the version designed for Konica Minolta multi-function devices. This software interface runs directly on the device's touch screen and communicates with a PaperCut server. The flaw stems from an insecure communication channel that leaks data, including sensitive information that could enable further attacks on the device. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-319 (Cleartext Transmission of Sensitive Information). It was internally discovered and published on 2026-03-31.
Remote attackers with network access can exploit this vulnerability without requiring authentication, privileges, or user interaction. By intercepting the insecure channel, they can obtain leaked sensitive data to mount attacks on the device itself, steal additional data, or conduct phishing against end users.
The PaperCut security bulletin provides details on mitigation: https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/.
Details
- CWE(s)