Description
HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's session threads to remain locked in a waiting state. The firmware lacks connection timeouts and concurrent session limits, resulting in a persistent Denial of Service (DoS) that renders the printer unresponsive to all user commands and print jobs. Physical intervention (manual restart) is required to restore functionality, and the attack can be immediately re-initiated.
Published: 2026-05-22
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker on the same network to open a persistent TCP connection to port 9100 (JetDirect/RAW) and send keep-alive packets. Because the printer firmware does not enforce connection timeouts or limits, the printer's session threads remain locked in a waiting state, rendering the device unresponsive to all user commands and print jobs. The printer can be recovered only through a manual restart, and the attack can be launched again immediately.

Affected Systems

HP Envy 5000 series printers running firmware VERBASPP1N003.2237A.00 are affected. No other vendors or product versions are listed.

Risk and Exploitability

The flaw can be exercised by any device on the same local network without authentication, giving the attacker direct control over the printer's availability. EPSS information is unavailable and the vulnerability is not listed in the CISA KEV catalog, but the lack of resource limits and timeouts suggests a high likelihood of successful exploitation. Once executed, the denial of service can be repeated, and physical intervention is required each time to restore service.

Generated by OpenCVE AI on May 22, 2026 at 19:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by HP for the Envy 5000 series
  • Configure network devices or firewall to restrict or monitor access to port 9100 on the printer
  • Segment the network or isolate the printer from general network traffic to limit exposure

Generated by OpenCVE AI on May 22, 2026 at 19:54 UTC.
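
For the "monitor access to port 9100" action, the following is an added example (not part of the CVE record or any HP or OpenCVE tooling) that flags the two conditions the description names, sessions with no effective timeout and an unbounded number of concurrent sessions, in network flow records. The record layout, the thresholds and the addresses are assumptions made for the illustration.

```python
from collections import defaultdict

RAW_PORT = 9100
MAX_SESSION_SECONDS = 300      # assumed: a print job finishes well inside this
MIN_BYTES_PER_SECOND = 50      # assumed: slower than this is keep-alive traffic only
MAX_CONCURRENT_PER_SOURCE = 2  # assumed per-client ceiling on open RAW sessions

# Constructed flow records: start end src dst dport bytes_to_printer
SAMPLE_FLOWS = """\
1000 1042 192.0.2.10 192.0.2.50 9100 184320
1000 4600 192.0.2.66 192.0.2.50 9100 720
1005 4600 192.0.2.66 192.0.2.50 9100 700
1010 4600 192.0.2.66 192.0.2.50 9100 690
1200 1215 192.0.2.11 192.0.2.50 631 20480
"""

def parse_flows(text):
    """Parse whitespace-separated records, skipping lines without six fields."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        start, end, src, dst, dport, nbytes = parts
        flows.append((int(start), int(end), src, dst, int(dport), int(nbytes)))
    return flows

def find_hold_open(flows):
    """Return {(src, dst): [reasons]} for RAW-port sessions that look held open."""
    findings, by_pair = defaultdict(set), defaultdict(list)
    for start, end, src, dst, dport, nbytes in flows:
        if dport != RAW_PORT:
            continue
        by_pair[(src, dst)].append((start, end))
        duration = end - start
        if duration > MAX_SESSION_SECONDS and nbytes / duration < MIN_BYTES_PER_SECOND:
            findings[(src, dst)].add("long-lived low-volume session")
    for pair, spans in by_pair.items():
        # Sweep over open/close events to find the peak number of overlapping sessions.
        events = sorted([(s, 1) for s, _ in spans] + [(e, -1) for _, e in spans])
        open_now = peak = 0
        for _, delta in events:
            open_now += delta
            peak = max(peak, open_now)
        if peak > MAX_CONCURRENT_PER_SOURCE:
            findings[pair].add("concurrent session limit exceeded")
    return {pair: sorted(reasons) for pair, reasons in findings.items()}

if __name__ == "__main__":
    for (src, dst), reasons in find_hold_open(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} -> {dst}:{RAW_PORT}: {', '.join(reasons)}")
```

Tune the three thresholds against the site's real print traffic before alerting on them; large jobs over slow links can legitimately run long, which is why the duration test is paired with a byte-rate test.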


Advisories

No advisories yet.

History

Fri, 22 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Concurrent TCP Connection Denial of Service on HP Envy 5000 Printers

Fri, 22 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Concurrent TCP Connection Denial of Service on HP Envy 5000 Printers

Fri, 22 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
CWE-770
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's session threads to remain locked in a waiting state. The firmware lacks connection timeouts and concurrent session limits, resulting in a persistent Denial of Service (DoS) that renders the printer unresponsive to all user commands and print jobs. Physical intervention (manual restart) is required to restore functionality, and the attack can be immediately re-initiated.
References


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-22T17:42:28.312Z

Reserved: 2026-04-29T00:00:00.000Z

Link: CVE-2026-42626

Vulnrichment

Updated: 2026-05-22T17:42:24.445Z

NVD

No data.

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T20:00:13Z

Weaknesses