Unauthorized Print Job Execution in OpenPrinting CUPS 2.4.16 and Prior

CVE-2026-34980

What is CVE-2026-34980?

CVE-2026-34980 is a critical vulnerability found in OpenPrinting CUPS, an open-source printing system widely used on Linux and other Unix-like operating systems. This particular flaw affects versions 2.4.16 and prior and arises when the cupsd daemon, which handles print jobs, is exposed to a network with a shared print queue. The vulnerability allows unauthorized clients to send print jobs to this queue without the need for authentication, which could lead to unauthorized execution of code on the server. Specifically, an attacker may manipulate the queuing process to execute arbitrary binaries on the server, potentially leading to significant security breaches, including unauthorized access and control over the system.

Potential impact of CVE-2026-34980

1. Unauthorized Code Execution: The vulnerability enables an attacker to execute attacker-chosen binaries on the server, which poses a high risk of system compromise and unauthorized access to sensitive data.

2. Network Exposure Threats: With the cupsd daemon being network-exposed, the vulnerability increases the risk for all systems in the network, allowing for potential lateral movement and further exploitation by adversaries once they gain access.

3. Operational Disruption: By exploiting this vulnerability, attackers could disrupt normal printer operations or manipulate print jobs in ways that could affect business continuity, potentially leading to financial losses and reputational damage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

This is an advertDeploy the Patch →

References