Remote Code Execution Vulnerability in HP DeskJet All in One Devices
CVE-2026-4682

8.7HIGH

Key Information:

Vendor: HP Inc
Status: HP Deskjet 2800e All-in-one Printer Series; HP Deskjet 4200 All-in-one Printer Series; HP Deskjet Ink Advantage 4200 All-in-one Printer Series; HP Deskjet 4200e All-in-one Printer Series
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-4682?

HP DeskJet All in One devices are susceptible to a buffer overflow vulnerability that could allow remote code execution. This occurs when the device improperly validates and processes specially crafted Web Services for Devices (WSD) scan requests. WSD, a Microsoft Windows-based network scanning protocol, enables PCs to discover and communicate with scanners without needing vendor-specific software. Successful exploitation of this vulnerability could potentially lead to unauthorized access, compromising the integrity and confidentiality of data.

Affected Version(s)

HP DeskJet 2800e All-in-One Printer series 0

HP DeskJet 4200 All-in-One Printer series 0

HP DeskJet 4200e All-in-One Printer series 0

References

https://support.hp.com/us-en/document/ish_14744451-147444...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-4682 Data

JSON

HP Inc

What is CVE-2026-4682?

Affected Version(s)

References

CVSS V4

Timeline