Unauthorized Print Job Execution in OpenPrinting CUPS 2.4.16 and Prior
CVE-2026-34980

6.1MEDIUM

Key Information:

Vendor: Openprinting
Status: Cups
Vendor: CVE Published:; 3 April 2026

🔔 Create Openprinting Vulnerability Alert

What is CVE-2026-34980?

The OpenPrinting CUPS printing system is susceptible to a vulnerability that allows unauthorized clients to send print jobs to a shared PostScript queue without proper authentication. This issue arises in network-exposed instances of cupsd version 2.4.16 and earlier, where an attacker can manipulate server inputs. By leveraging a shared target queue, an attacker can submit a crafted print job that could invoke an arbitrary binary, such as /usr/bin/vim, leading to potential compromise of the system. As of the current date, there are no publicly available patches to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cups <= 2.4.16

References

https://github.com/OpenPrinting/cups/security/advisories/...

x_refsource_CONFIRM

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2026
Vulnerability Reserved
Mar 31, 2026

JSON

Openprinting