Improper Symbolic Link Handling in Canon CUPS Printer Driver for macOS
CVE-2026-6892

5.1MEDIUM

Key Information:

Vendor

Canon Inc.

Status
Canon Pixus Ix6800 Series Cups Printer Driver For Mac OS
Pixma Mg2500 Series Cups Printer Driver For Mac OS
Pixma Ix6800 Series Cups Printer Driver For Mac OS
Vendor
CVE Published:
29 May 2026

What is CVE-2026-6892?

The CUPS Printer Driver for macOS has a vulnerability that stems from improper handling of symbolic links within its installer. This flaw could allow a local attacker with login privileges to exploit specifically crafted symbolic links during the installation process. As a result, the attacker may gain unauthorized permission to modify directory settings that should typically remain protected. This issue affects the Canon PIXUS iX6800 Series and PIXMA MG2500 Series for versions released before 16.91.0.0.

Affected Version(s)

Canon PIXUS iX6800 Series CUPS Printer Driver for macOS 16.91.0.0 or earlier

PIXMA iX6800 Series CUPS Printer Driver for macOS 16.91.0.0 or earlier

PIXMA MG2500 Series CUPS Printer Driver for macOS 16.91.0.0 or earlier

References

https://psirt.canon/advisory-information/cp2026-004/
vendor-advisory
https://canon.jp/support/support-info/260528-1vulnerabili...
vendor-advisory
https://www.usa.canon.com/support/canon-product-advisorie...
vendor-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.