{"id":"USN-8405-1","summary":"cups vulnerabilities","details":"Ariel Silver discovered that CUPS incorrectly handled username comparisons\nduring authorization checks. A local attacker could possibly use this issue\nto gain unauthorized access to restricted operations. (CVE-2026-27447)\n\nAsim Viladi Oglu Manizada discovered that CUPS incorrectly handled\nnotify-recipient-uri values in the RSS notifier. A remote attacker could\npossibly use this issue to overwrite lp-writable files and cause a denial\nof service. (CVE-2026-34978)\n\nJacob Newman discovered that CUPS incorrectly handled filter option strings\nwhen processing job attributes. An attacker could use this issue to cause\nCUPS to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2026-34979)\n\nAsim Viladi Oglu Manizada discovered that CUPS incorrectly handled\npage-border values in shared PostScript queues. A remote attacker could\npossibly use this issue to execute arbitrary code. (CVE-2026-34980)\n\nAsim Viladi Oglu Manizada discovered that CUPS incorrectly handled\nlocalhost authentication to attacker-controlled IPP services. A local\nattacker could possibly use this issue to overwrite arbitrary files\nand execute arbitrary code. (CVE-2026-34990)\n\nTomer Fichman discovered that CUPS incorrectly handled negative\njob-password-supported values. A local attacker could possibly use this\nissue to cause CUPS to crash, resulting in a denial of service.\n(CVE-2026-39314)\n\nTomer Fichman discovered that CUPS incorrectly handled temporary printer\ndeletion. An attacker could possibly use this issue to cause CUPS to crash,\nresulting in a denial of service, or to execute arbitrary code.\n(CVE-2026-39316)\n\nTomer Fichman discovered that CUPS incorrectly handled certain malformed\nSNMP responses. An attacker could possibly use this issue to obtain\nsensitive information. (CVE-2026-41079)","modified":"2026-06-08T23:14:21.292502385Z","published":"2026-06-08T15:51:32Z","related":["UBUNTU-CVE-2026-27447","UBUNTU-CVE-2026-34978","UBUNTU-CVE-2026-34979","UBUNTU-CVE-2026-34980","UBUNTU-CVE-2026-34990","UBUNTU-CVE-2026-39314","UBUNTU-CVE-2026-39316","UBUNTU-CVE-2026-41079"],"upstream":["CVE-2026-27447","CVE-2026-34978","CVE-2026-34979","CVE-2026-34980","CVE-2026-34990","CVE-2026-39314","CVE-2026-39316","CVE-2026-41079","UBUNTU-CVE-2026-27447","UBUNTU-CVE-2026-34978","UBUNTU-CVE-2026-34979","UBUNTU-CVE-2026-34980","UBUNTU-CVE-2026-34990","UBUNTU-CVE-2026-39314","UBUNTU-CVE-2026-39316","UBUNTU-CVE-2026-41079"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8405-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-27447"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34978"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34979"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34980"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-34990"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-39314"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-39316"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41079"}],"affected":[{"package":{"name":"cups","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/cups?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.1op1-1ubuntu4.20"}]}],"versions":["2.3.3op2-7ubuntu2","2.4.1op1-1ubuntu1","2.4.1op1-1ubuntu2","2.4.1op1-1ubuntu3","2.4.1op1-1ubuntu4","2.4.1op1-1ubuntu4.1","2.4.1op1-1ubuntu4.2","2.4.1op1-1ubuntu4.4","2.4.1op1-1ubuntu4.6","2.4.1op1-1ubuntu4.7","2.4.1op1-1ubuntu4.8","2.4.1op1-1ubuntu4.9","2.4.1op1-1ubuntu4.10","2.4.1op1-1ubuntu4.11","2.4.1op1-1ubuntu4.12","2.4.1op1-1ubuntu4.15","2.4.1op1-1ubuntu4.16"],"ecosystem_specific":{"binaries":[{"binary_name":"cups","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_name":"cups-bsd","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_version":"2.4.1op1-1ubuntu4.20","binary_name":"cups-client"},{"binary_name":"cups-common","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_name":"cups-core-drivers","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_name":"cups-daemon","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_version":"2.4.1op1-1ubuntu4.20","binary_name":"cups-ipp-utils"},{"binary_name":"cups-ppdc","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_name":"cups-server-common","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_name":"libcups2","binary_version":"2.4.1op1-1ubuntu4.20"},{"binary_version":"2.4.1op1-1ubuntu4.20","binary_name":"libcupsimage2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-1.json","cves_map":{"cves":[{"id":"CVE-2026-27447","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34978","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34979","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34980","severity":[{"score":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34990","severity":[{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39314","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39316","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-41079","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"cups","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/cups?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.7-1.2ubuntu7.13"}]}],"versions":["2.4.6-0ubuntu3","2.4.7-1.2ubuntu2","2.4.7-1.2ubuntu3","2.4.7-1.2ubuntu7","2.4.7-1.2ubuntu7.1","2.4.7-1.2ubuntu7.2","2.4.7-1.2ubuntu7.3","2.4.7-1.2ubuntu7.4","2.4.7-1.2ubuntu7.7","2.4.7-1.2ubuntu7.9"],"ecosystem_specific":{"binaries":[{"binary_name":"cups","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_name":"cups-bsd","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_name":"cups-client","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_version":"2.4.7-1.2ubuntu7.13","binary_name":"cups-common"},{"binary_name":"cups-core-drivers","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_name":"cups-daemon","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_name":"cups-ipp-utils","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_name":"cups-ppdc","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_name":"cups-server-common","binary_version":"2.4.7-1.2ubuntu7.13"},{"binary_version":"2.4.7-1.2ubuntu7.13","binary_name":"libcups2t64"},{"binary_name":"libcupsimage2t64","binary_version":"2.4.7-1.2ubuntu7.13"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-1.json","cves_map":{"cves":[{"id":"CVE-2026-27447","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34978","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34979","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34980","severity":[{"score":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34990","severity":[{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39314","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39316","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-41079","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}},{"package":{"name":"cups","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/cups?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.12-0ubuntu3.9"}]}],"versions":["2.4.12-0ubuntu1","2.4.12-0ubuntu2","2.4.12-0ubuntu3","2.4.12-0ubuntu3.3","2.4.12-0ubuntu3.5"],"ecosystem_specific":{"binaries":[{"binary_name":"cups","binary_version":"2.4.12-0ubuntu3.9"},{"binary_name":"cups-bsd","binary_version":"2.4.12-0ubuntu3.9"},{"binary_version":"2.4.12-0ubuntu3.9","binary_name":"cups-client"},{"binary_name":"cups-common","binary_version":"2.4.12-0ubuntu3.9"},{"binary_version":"2.4.12-0ubuntu3.9","binary_name":"cups-core-drivers"},{"binary_version":"2.4.12-0ubuntu3.9","binary_name":"cups-daemon"},{"binary_name":"cups-ipp-utils","binary_version":"2.4.12-0ubuntu3.9"},{"binary_version":"2.4.12-0ubuntu3.9","binary_name":"cups-ppdc"},{"binary_name":"cups-server-common","binary_version":"2.4.12-0ubuntu3.9"},{"binary_version":"2.4.12-0ubuntu3.9","binary_name":"libcups2t64"},{"binary_name":"libcupsimage2t64","binary_version":"2.4.12-0ubuntu3.9"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-1.json","cves_map":{"cves":[{"id":"CVE-2026-27447","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34978","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34979","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34980","severity":[{"score":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34990","severity":[{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39314","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39316","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-41079","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:25.10"}}},{"package":{"name":"cups","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/cups?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.16-1ubuntu1.2"}]}],"versions":["2.4.12-0ubuntu3","2.4.12-0ubuntu5","2.4.16-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.4.16-1ubuntu1.2","binary_name":"cups"},{"binary_name":"cups-bsd","binary_version":"2.4.16-1ubuntu1.2"},{"binary_name":"cups-client","binary_version":"2.4.16-1ubuntu1.2"},{"binary_version":"2.4.16-1ubuntu1.2","binary_name":"cups-common"},{"binary_name":"cups-core-drivers","binary_version":"2.4.16-1ubuntu1.2"},{"binary_name":"cups-daemon","binary_version":"2.4.16-1ubuntu1.2"},{"binary_version":"2.4.16-1ubuntu1.2","binary_name":"cups-ipp-utils"},{"binary_version":"2.4.16-1ubuntu1.2","binary_name":"cups-ppdc"},{"binary_version":"2.4.16-1ubuntu1.2","binary_name":"cups-server-common"},{"binary_name":"libcups2t64","binary_version":"2.4.16-1ubuntu1.2"},{"binary_name":"libcupsimage2t64","binary_version":"2.4.16-1ubuntu1.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-1.json","cves_map":{"cves":[{"id":"CVE-2026-27447","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34978","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34979","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34980","severity":[{"score":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-34990","severity":[{"score":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39314","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-39316","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-41079","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:26.04:LTS"}}}],"schema_version":"1.7.5"}