Use-After-Free Vulnerability in OpenPrinting CUPS Printer System
CVE-2026-39316

4MEDIUM

Key Information:

Vendor: Openprinting
Status: Cups
Vendor: CVE Published:; 7 April 2026

🔔 Create Openprinting Vulnerability Alert

What is CVE-2026-39316?

OpenPrinting CUPS, an open source printing system for Linux and similar operating systems, is impacted by a use-after-free vulnerability. Specifically, versions 2.4.16 and earlier are susceptible to this flaw, which occurs when temporary printers are deleted automatically. The function cupsdDeleteTemporaryPrinters() calls cupsdDeletePrinter() without expiring subscriptions that reference the printer, resulting in a dangling pointer to freed heap memory. This vulnerability can be exploited to cause a crash of the CUPS daemon, leading to a denial of service. Moreover, with advanced techniques like heap grooming, attackers may leverage this flaw for arbitrary code execution.

Affected Version(s)

cups <= 2.4.16

References

https://github.com/OpenPrinting/cups/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-39316 Data

JSON