Session Hijacking Vulnerability in PaperCut NG/MF for Konica Minolta Devices
CVE-2026-5115

3.6LOW

Key Information:

Vendor: Papercut
Status: Papercut Ng/mf
Vendor: CVE Published:; 31 March 2026

What is CVE-2026-5115?

The PaperCut NG/MF Embedded application for Konica Minolta multi-function devices is susceptible to session hijacking due to an insecure communication channel with the server. This vulnerability can potentially lead to the exposure of sensitive data, which may enable attackers to steal information or execute phishing attacks on users. Proper security measures should be implemented to safeguard against these threats and protect user data.

Affected Version(s)

Papercut NG/MF 0 < 25.0.5

Papercut NG/MF 0 < 25.0.9 (KM certified)

References

https://www.papercut.com/kb/Main/papercut-ng-mf-security-...

CVSS V4

Score:

3.6

Severity:

LOW

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2026
Vulnerability Reserved
Mar 29, 2026

Credit

Xavier Gibbon

CVE-2026-5115 Data

JSON