Denial of Service Vulnerability in HP ENVY 5000 Series Printers
CVE-2026-42626

5.9MEDIUM

Key Information:

Vendor: HP
Status: HP ENVY 5000 series printers
Vendor: CVE Published:; 22 May 2026

What is CVE-2026-42626?

HP ENVY 5000 series printers with specific firmware versions exhibit a critical vulnerability related to the management of concurrent TCP connections on port 9100. This issue allows unauthorized remote attackers on the same network to maintain persistent connections by sending keep-alive packets. The lack of proper connection timeouts or limits on concurrent sessions leads to a denial of service condition, where the printer becomes unresponsive to all commands and print jobs. Recovery from this state requires manual intervention to restart the device, and the attack can be re-executed immediately, posing ongoing threats to printer availability and usability.

References

https://medium.com/@jacobmasse/hp-envy-5000-printer-dos-v...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2026
Vulnerability Reserved
Apr 29, 2026

CVE-2026-42626 Data

JSON