Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
Published: 2026-04-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

OpenPrinting CUPS is an open source printing system for Linux and other Unix‑like operating systems. Prior to 2.4.17, an attacker adjacent to the network can send a crafted SNMP response to the CUPS SNMP backend that triggers an out‑of‑bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF‑16 to UTF‑8 and stored as printer supply description strings, which are then visible to authenticated users via IPP Get‑Printer‑Attributes responses and the CUPS web interface, illustrating a CWE‑125 (Out‑of‑Bounds Read) that results in a CWE‑200 (Information Exposure).

Affected Systems

Versions of OpenPrinting CUPS older than 2.4.17 are affected. The vulnerability applies to the CUPS SNMP backend used on Linux and other Unix‑like systems. Updating to CUPS 2.4.17 or newer eliminates the bug; no other versions are known to be impacted.

Risk and Exploitability

With a CVSS score of 4.3 the assessment rate is 'low' severity. The EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker must be a network‑adjacent actor able to send a crafted SNMP response to the CUPS SNMP backend and that authenticated access to the server is required to read the leaked supply descriptions. The exposure is limited to information disclosure, and this could aid further reconnaissance, as inferred from the nature of leaked data.

Generated by OpenCVE AI on April 29, 2026 at 01:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenPrinting CUPS to version 2.4.17 or later to apply the fix.
  • If the SNMP backend is not required, disable the SNMP supply‑level polling feature.
  • Restrict SNMP access to trusted hosts and users to limit the ability to send crafted SNMP responses.

Generated by OpenCVE AI on April 29, 2026 at 01:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Mon, 27 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Openprinting
Openprinting cups
CPEs cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*
Vendors & Products Openprinting
Openprinting cups

Sat, 25 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Description OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
Title OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users
Weaknesses CWE-125
CWE-200
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Openprinting Cups
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-25T01:47:44.540Z

Reserved: 2026-04-16T16:43:03.176Z

Link: CVE-2026-41079

cve-icon Vulnrichment

Updated: 2026-04-25T01:47:40.466Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T17:16:21.340

Modified: 2026-04-27T13:40:54.787

Link: CVE-2026-41079

cve-icon Redhat

Severity : Low

Publid Date: 2026-04-24T16:54:38Z

Links: CVE-2026-41079 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T01:45:26Z

Weaknesses