Description
A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers.
Published: 2026-04-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Disclosure
Action: Assess Impact
AI Analysis

Impact

A vulnerability in the browser-based remote management interface enables an attacker to submit crafted requests that reveal sensitive information stored on the device. The weakness is classified as CWE-807, indicating a failure to properly restrict operations within the security context. This flaw allows an authenticated or unauthenticated attacker to gain access to confidential data that should be protected from external inspection.

Affected Systems

Canon Inc. production printers and office/small office multifunction printers, including models such as MF842CDW, MF842CX, Satera MF7525F, Satera MF7625F, Satera MF7725F, Satera MF842CDW, i-SENSYS C1533iF II, i-SENSYS MF842Cdw, i-SENSYS X C1538 iF II, imageCLASS X C1538iF II, imageCLASS X MF1538C II, imageFORCE Series, imagePRESS Series, imageRUNNER ADVANCE Series, and imageRUNNER Series. No specific firmware versions are listed as affected.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, placing it in the moderate severity range. Its EPSS score is less than 1%, indicating that active exploitation is unlikely at present. The issue is not listed in the CISA KEV catalog. The likely attack scenario requires network access to the printer’s remote management interface and may need administrative authentication; an attacker could send malicious requests from within the local network or through a compromised network perimeter. Due to the limited reach and moderate score, the overall risk to the organization is moderate but should be mitigated to prevent potential data leakage.

Generated by OpenCVE AI on April 28, 2026 at 07:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and apply any firmware update that addresses the sensitive information disclosure.
  • Disable or restrict access to the browser‑based remote management interface if it is not required for operational purposes.
  • Segment the network and enforce firewall rules so that only trusted administrative devices can reach the printer’s management interface.

Generated by OpenCVE AI on April 28, 2026 at 07:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Canon
Canon i-sensys C1533if Ii
Canon i-sensys Mf842cdw
Canon i-sensys X C1538 If Ii
Canon imageclass X C1538if Ii
Canon imageclass X Mf1538c Ii
Canon imageforce Series
Canon imagepress Series
Canon imagerunner Advance Series
Canon imagerunner Series
Canon mf842cdw
Canon mf842cx
Canon satera Mf7525f
Canon satera Mf7625f
Canon satera Mf7725f
Canon satera Mf842cdw
Vendors & Products Canon
Canon i-sensys C1533if Ii
Canon i-sensys Mf842cdw
Canon i-sensys X C1538 If Ii
Canon imageclass X C1538if Ii
Canon imageclass X Mf1538c Ii
Canon imageforce Series
Canon imagepress Series
Canon imagerunner Advance Series
Canon imagerunner Series
Canon mf842cdw
Canon mf842cx
Canon satera Mf7525f
Canon satera Mf7625f
Canon satera Mf7725f
Canon satera Mf842cdw

Tue, 28 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Title Browser‑Based Remote Management Interface May Expose Sensitive Device Information in Canon Printers

Fri, 24 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers.
Weaknesses CWE-807
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Canon I-sensys C1533if Ii I-sensys Mf842cdw I-sensys X C1538 If Ii Imageclass X C1538if Ii Imageclass X Mf1538c Ii Imageforce Series Imagepress Series Imagerunner Advance Series Imagerunner Series Mf842cdw Mf842cx Satera Mf7525f Satera Mf7625f Satera Mf7725f Satera Mf842cdw
cve-icon MITRE

Status: PUBLISHED

Assigner: Canon

Published:

Updated: 2026-04-24T18:18:56.812Z

Reserved: 2026-02-03T04:38:23.956Z

Link: CVE-2026-1789

cve-icon Vulnrichment

Updated: 2026-04-24T16:50:25.713Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-24T00:16:26.400

Modified: 2026-04-24T14:39:56.310

Link: CVE-2026-1789

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T09:25:41Z

Weaknesses