Out-of-Bounds Read in OpenPrinting CUPS Affects Networked Printing Systems
CVE-2026-41079

4.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 24 April 2026

What is CVE-2026-41079?

OpenPrinting CUPS is a widely used open-source printing system for Linux and Unix-like operating systems. In versions prior to 2.4.17, a vulnerability in the SNMP backend can be exploited by network-adjacent attackers. By sending a specially crafted SNMP response, an attacker can trigger an out-of-bounds read that leaks up to 176 bytes of stack memory. The leaked memory can include sensitive information; it is converted from UTF-16 to UTF-8 and may then be exposed to authenticated users through IPP Get-Printer-Attributes responses and the CUPS web interface. The issue is fixed in version 2.4.17.

Affected Version(s)

cups < 2.4.17
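
A quick exposure check against the affected range stated above (cups < 2.4.17), as an added example that is not part of the original advisory or of the CUPS project. The function names are hypothetical, and the check compares upstream version numbers only, so a distribution package that backports the fix under an older version number is still reported as affected.

```shell
#!/bin/sh
# Added example: classify a CUPS version against the advisory's fixed release.
FIXED_VERSION="2.4.17"

# Print the leading dotted-numeric part of a version string
# (constructed sample: "2.4.16-1" -> "2.4.16"); prints nothing if there is none.
numeric_prefix() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Return 0 if version $1 is strictly lower than version $2, 1 if not,
# 2 if either cannot be parsed. Fields are compared numerically, so
# 2.4.2 < 2.4.17 (a plain string comparison would get this wrong).
version_lt() {
    a=$(numeric_prefix "$1"); b=$(numeric_prefix "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}          # missing fields count as 0
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1                              # versions are equal
}

# Print "affected", "not-affected" or "unknown" for a CUPS version string.
cups_status() {
    rc=0
    version_lt "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "affected" ;;
        1) echo "not-affected" ;;
        *) echo "unknown" ;;
    esac
}

# Check the local install when cups-config is present on this host.
if command -v cups-config >/dev/null 2>&1; then
    installed=$(cups-config --version)
    echo "CUPS $installed: $(cups_status "$installed")"
fi
```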

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
