Description
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter.
Published: 2026-02-20
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation via AccessID
Action: Patch
AI Analysis

Impact

The flaw in EduBusinessSolutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to alter the AccessID request parameter and elevate privileges. This is a CWE‑269 privilege‑escalation weakness. The attacker can gain higher level access within the application, potentially enabling configuration changes or other elevated actions. No further details such as arbitrary code execution are provided in the description.

Affected Systems

Print Shop Pro WebDesk v.18.34 from EduBusinessSolutions is the only affected product. The CPE string confirms this version; no other versions or products are documented. Users running this web‑based print‑management solution should verify that they are on the specified version or newer.

Risk and Exploitability

The CVSS score of 9.8 classifies the vulnerability at critical severity. The EPSS score of less than 1 percent indicates a low probability of exploitation at present, and the issue is not listed in CISA KEV. The likely attack vector is remote, via crafted AccessID requests, inferred from the description, and does not require local access. Public exploit code is not known, and the high severity suggests that the risk would increase sharply if an exploit becomes available.

Generated by OpenCVE AI on April 18, 2026 at 17:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of Print Shop Pro WebDesk when the vendor releases an update that addresses the AccessID privilege‑escalation issue.
  • If an upgrade is not immediately possible, restrict the AccessID parameter so that only users with administrative authority can modify it, thereby limiting potential privilege escalation.
  • Perform a review of user accounts and permissions to ensure no unauthorized elevation has occurred, and reset any credentials that may have been compromised.

Generated by OpenCVE AI on April 18, 2026 at 17:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Title Remote Privilege Escalation via AccessID in Print Shop Pro WebDesk

Thu, 26 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:edubusinesssolutions:print_shop_pro_webdesk:18.34:*:*:*:*:*:*:*

Mon, 23 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Edubusinesssolutions
Edubusinesssolutions print Shop Pro Webdesk
Vendors & Products Edubusinesssolutions
Edubusinesssolutions print Shop Pro Webdesk

Fri, 20 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allows a remote attacker to escalate privileges via the AccessID parameter.
References

Subscriptions

Edubusinesssolutions Print Shop Pro Webdesk
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-02-23T20:17:40.905Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26725

cve-icon Vulnrichment

Updated: 2026-02-23T20:15:20.881Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-20T17:25:55.700

Modified: 2026-02-26T21:32:14.533

Link: CVE-2026-26725

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:00:06Z

Weaknesses