Description
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.
Published: 2026-05-20
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer overflow in the hpcups processing path that can be triggered by crafted print data. An attacker who can direct such data to the vulnerable print service may gain elevated privileges on the host or execute code with the permissions of the printing daemon. This results in a serious loss of confidentiality, integrity, and availability for the affected system.

Affected Systems

The HP Linux Imaging and Printing Software running on Linux operating systems is the affected product. No specific version numbers are listed, so all installations of this software are potentially impacted until a patch is applied.

Risk and Exploitability

The CVSS score of 9.3 indicates a critical severity. The EPSS score of 0.00022 (< 1%) indicates a very low probability of exploitation, though the lack of a KEV listing does not diminish the risk. The flaw can be exploited through the print service, which is typically accessible over the local network, making remote or local exploitation plausible depending on the system’s network configuration. If an attacker can send crafted print jobs, they can trigger the integer overflow and control code execution.

Generated by OpenCVE AI on May 21, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update HP Linux Imaging and Printing Software to the latest version released by HP.
  • If a patch is not immediately available, disable the hpcups spooler or restrict it to trusted users only to prevent unauthorized print jobs from being processed.
  • Implement network segmentation so that only authorized network segments can access the printing service and enforce the least privilege principle for the printer daemon.

Generated by OpenCVE AI on May 21, 2026 at 20:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CPEs cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 21 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 May 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Hp
Hp linux Imaging And Printing
Vendors & Products Hp
Hp linux Imaging And Printing

Wed, 20 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.
Title HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution
First Time appeared Hp Inc
Hp Inc hp Linux Imaging And Printing Software
Weaknesses CWE-122
CPEs cpe:2.3:a:hp_inc:hp_linux_imaging_and_printing_software:*:*:linux:*:*:*:*:*
Vendors & Products Hp Inc
Hp Inc hp Linux Imaging And Printing Software
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hp Linux Imaging And Printing
Hp Inc Hp Linux Imaging And Printing Software
cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2026-05-21T13:03:29.429Z

Reserved: 2026-05-14T18:58:13.857Z

Link: CVE-2026-8631

cve-icon Vulnrichment

Updated: 2026-05-21T13:03:26.134Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T21:16:18.090

Modified: 2026-05-21T18:58:41.297

Link: CVE-2026-8631

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T21:00:16Z

Weaknesses