Description
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource.

CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
Published: 2026-02-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via CORS misconfiguration
Action: Apply Patch
AI Analysis

Impact

Certain HP OfficeJet Pro printers may expose sensitive device data if Cross‑Origin Resource Sharing (CORS) is incorrectly enabled. The flaw allows a malicious web origin to send cross‑domain requests to the embedded web server and retrieve resources or configuration information that should be protected. The weakness is identified as CWE‑346 (Information Exposure Through an Error).

Affected Systems

Affected devices include the HP OfficeJet Pro 7720 Wide Format All‑in‑One Printer series, HP OfficeJet Pro 7730 Wide Format All‑in‑One Printer, HP OfficeJet Pro 7740 Wide Format All‑in‑One Printer series, HP OfficeJet Pro 8210 Printer series, HP OfficeJet Pro 8710 All‑in‑One Printer series, HP OfficeJet Pro 8730 All‑in‑One Printer, HP OfficeJet Pro 8730 Mono Printer series, and HP OfficeJet Pro 8740 All‑in‑One Printer series. The vulnerability arises in the embedded web server firmware across multiple hardware revisions listed in the CPE set.

Risk and Exploitability

The CVSS v3.1 score is 6.9, indicating a moderate impact. EPSS is below 1 %, implying a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to trick a user with a malicious web page or have some remote code capable of sending cross‑origin requests to the printer’s web interface; no local privileges are required. Because CORS is disabled by default and must be enabled by an administrator, the likelihood of this condition existing is low, but once enabled it allows an unauthorized origin to read device data.

Generated by OpenCVE AI on April 17, 2026 at 20:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the printer firmware to the latest version released by HP that addresses the CORS configuration issue.
  • If the device must support web‑based administration, explicitly disable the CORS feature in the Embedded Web Server settings until a patched version is applied.
  • Restrict network access to the printer’s management interface and limit exposure to trusted devices only.

Generated by OpenCVE AI on April 17, 2026 at 20:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp d9l18a
Hp d9l18a Firmware
Hp d9l20a
Hp d9l20a Firmware
Hp d9l21a
Hp d9l21a Firmware
Hp d9l63a
Hp d9l63a Firmware
Hp d9l64a
Hp d9l64a Firmware
Hp g5j38a
Hp g5j38a Firmware
Hp g5j56a
Hp g5j56a Firmware
Hp j3p65a
Hp j3p65a Firmware
Hp j3p66a
Hp j3p66a Firmware
Hp j3p67a
Hp j3p67a Firmware
Hp j3p68a
Hp j3p68a Firmware
Hp j6x76a
Hp j6x76a Firmware
Hp j6x77a
Hp j6x77a Firmware
Hp j6x78a
Hp j6x78a Firmware
Hp j6x79a
Hp j6x79a Firmware
Hp j6x80a
Hp j6x80a Firmware
Hp j6x81a
Hp j6x81a Firmware
Hp j6x83a
Hp j6x83a Firmware
Hp k7s32a
Hp k7s32a Firmware
Hp k7s37a
Hp k7s37a Firmware
Hp k7s38a
Hp k7s38a Firmware
Hp k7s39a
Hp k7s39a Firmware
Hp k7s40a
Hp k7s40a Firmware
Hp k7s41a
Hp k7s41a Firmware
Hp k7s42a
Hp k7s42a Firmware
Hp k7s43a
Hp k7s43a Firmware
Hp l3t99a
Hp l3t99a Firmware
Hp m9l65a
Hp m9l65a Firmware
Hp m9l66a
Hp m9l66a Firmware
Hp m9l67a
Hp m9l67a Firmware
Hp m9l70a
Hp m9l70a Firmware
Hp t0g46a
Hp t0g46a Firmware
Hp t0g47a
Hp t0g47a Firmware
Hp t0g48a
Hp t0g48a Firmware
Hp t0g49a
Hp t0g49a Firmware
Hp t0g56a
Hp t0g56a Firmware
Hp t0g65a
Hp t0g65a Firmware
Hp t0g70a
Hp t0g70a Firmware
Hp t1p99a
Hp t1p99a Firmware
Hp y0s18a
Hp y0s18a Firmware
Hp y0s19a
Hp y0s19a Firmware
CPEs cpe:2.3:h:hp:d9l18a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:d9l20a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:d9l21a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:d9l63a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:d9l64a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:g5j38a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:g5j56a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j3p65a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j3p66a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j3p67a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j3p68a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x76a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x77a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x78a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x79a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x80a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x81a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:j6x83a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s32a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s37a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s38a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s39a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s40a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s41a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s42a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:k7s43a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:l3t99a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:m9l65a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:m9l66a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:m9l67a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:m9l70a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g46a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g47a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g48a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g49a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g56a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g65a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t0g70a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:t1p99a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:y0s18a:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:y0s19a:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:d9l18a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:d9l20a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:d9l21a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:d9l63a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:d9l64a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:g5j38a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:g5j56a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j3p65a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j3p66a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j3p67a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j3p68a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x76a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x77a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x78a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x79a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x80a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x81a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:j6x83a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s32a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s37a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s38a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s39a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s40a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s41a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s42a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:k7s43a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:l3t99a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:m9l65a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:m9l66a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:m9l67a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:m9l70a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g46a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g47a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g48a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g49a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g56a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g65a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t0g70a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:t1p99a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:y0s18a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:y0s19a_firmware:*:*:*:*:*:*:*:*
Vendors & Products Hp
Hp d9l18a
Hp d9l18a Firmware
Hp d9l20a
Hp d9l20a Firmware
Hp d9l21a
Hp d9l21a Firmware
Hp d9l63a
Hp d9l63a Firmware
Hp d9l64a
Hp d9l64a Firmware
Hp g5j38a
Hp g5j38a Firmware
Hp g5j56a
Hp g5j56a Firmware
Hp j3p65a
Hp j3p65a Firmware
Hp j3p66a
Hp j3p66a Firmware
Hp j3p67a
Hp j3p67a Firmware
Hp j3p68a
Hp j3p68a Firmware
Hp j6x76a
Hp j6x76a Firmware
Hp j6x77a
Hp j6x77a Firmware
Hp j6x78a
Hp j6x78a Firmware
Hp j6x79a
Hp j6x79a Firmware
Hp j6x80a
Hp j6x80a Firmware
Hp j6x81a
Hp j6x81a Firmware
Hp j6x83a
Hp j6x83a Firmware
Hp k7s32a
Hp k7s32a Firmware
Hp k7s37a
Hp k7s37a Firmware
Hp k7s38a
Hp k7s38a Firmware
Hp k7s39a
Hp k7s39a Firmware
Hp k7s40a
Hp k7s40a Firmware
Hp k7s41a
Hp k7s41a Firmware
Hp k7s42a
Hp k7s42a Firmware
Hp k7s43a
Hp k7s43a Firmware
Hp l3t99a
Hp l3t99a Firmware
Hp m9l65a
Hp m9l65a Firmware
Hp m9l66a
Hp m9l66a Firmware
Hp m9l67a
Hp m9l67a Firmware
Hp m9l70a
Hp m9l70a Firmware
Hp t0g46a
Hp t0g46a Firmware
Hp t0g47a
Hp t0g47a Firmware
Hp t0g48a
Hp t0g48a Firmware
Hp t0g49a
Hp t0g49a Firmware
Hp t0g56a
Hp t0g56a Firmware
Hp t0g65a
Hp t0g65a Firmware
Hp t0g70a
Hp t0g70a Firmware
Hp t1p99a
Hp t1p99a Firmware
Hp y0s18a
Hp y0s18a Firmware
Hp y0s19a
Hp y0s19a Firmware
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 11 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Hp Inc
Hp Inc hp Officejet Pro 7720 Wide Format All-in-one Printer Series
Hp Inc hp Officejet Pro 7730 Wide Format All-in-one Printer
Hp Inc hp Officejet Pro 7740 Wide Format All-in-one Printer Series
Hp Inc hp Officejet Pro 8210 Printer Series
Hp Inc hp Officejet Pro 8710 All-in-one Printer Series
Hp Inc hp Officejet Pro 8730 All-in-one Printer
Hp Inc hp Officejet Pro 8730 Mono Printer Series
Hp Inc hp Officejet Pro 8740 All-in-one Printer Series
Vendors & Products Hp Inc
Hp Inc hp Officejet Pro 7720 Wide Format All-in-one Printer Series
Hp Inc hp Officejet Pro 7730 Wide Format All-in-one Printer
Hp Inc hp Officejet Pro 7740 Wide Format All-in-one Printer Series
Hp Inc hp Officejet Pro 8210 Printer Series
Hp Inc hp Officejet Pro 8710 All-in-one Printer Series
Hp Inc hp Officejet Pro 8730 All-in-one Printer
Hp Inc hp Officejet Pro 8730 Mono Printer Series
Hp Inc hp Officejet Pro 8740 All-in-one Printer Series

Tue, 10 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Description Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
Title Certain HP OfficeJet Pro Printers - Information Disclosure
Weaknesses CWE-346
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Hp D9l18a D9l18a Firmware D9l20a D9l20a Firmware D9l21a D9l21a Firmware D9l63a D9l63a Firmware D9l64a D9l64a Firmware G5j38a G5j38a Firmware G5j56a G5j56a Firmware J3p65a J3p65a Firmware J3p66a J3p66a Firmware J3p67a J3p67a Firmware J3p68a J3p68a Firmware J6x76a J6x76a Firmware J6x77a J6x77a Firmware J6x78a J6x78a Firmware J6x79a J6x79a Firmware J6x80a J6x80a Firmware J6x81a J6x81a Firmware J6x83a J6x83a Firmware K7s32a K7s32a Firmware K7s37a K7s37a Firmware K7s38a K7s38a Firmware K7s39a K7s39a Firmware K7s40a K7s40a Firmware K7s41a K7s41a Firmware K7s42a K7s42a Firmware K7s43a K7s43a Firmware L3t99a L3t99a Firmware M9l65a M9l65a Firmware M9l66a M9l66a Firmware M9l67a M9l67a Firmware M9l70a M9l70a Firmware T0g46a T0g46a Firmware T0g47a T0g47a Firmware T0g48a T0g48a Firmware T0g49a T0g49a Firmware T0g56a T0g56a Firmware T0g65a T0g65a Firmware T0g70a T0g70a Firmware T1p99a T1p99a Firmware Y0s18a Y0s18a Firmware Y0s19a Y0s19a Firmware
Hp Inc Hp Officejet Pro 7720 Wide Format All-in-one Printer Series Hp Officejet Pro 7730 Wide Format All-in-one Printer Hp Officejet Pro 7740 Wide Format All-in-one Printer Series Hp Officejet Pro 8210 Printer Series Hp Officejet Pro 8710 All-in-one Printer Series Hp Officejet Pro 8730 All-in-one Printer Hp Officejet Pro 8730 Mono Printer Series Hp Officejet Pro 8740 All-in-one Printer Series
cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-02-10T20:14:16.309Z

Reserved: 2026-02-05T16:51:16.104Z

Link: CVE-2026-1997

cve-icon Vulnrichment

Updated: 2026-02-10T20:13:53.646Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T18:16:22.513

Modified: 2026-02-12T15:13:31.403

Link: CVE-2026-1997

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T20:45:25Z

Weaknesses