{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41079", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-16T16:43:03.176Z", "datePublished": "2026-04-24T16:54:38.742Z", "dateUpdated": "2026-04-25T01:47:44.540Z"}, "containers": {"cna": {"title": "OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv"}, {"name": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080"}, {"name": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737"}], "affected": [{"vendor": "OpenPrinting", "product": "cups", "versions": [{"version": "< 2.4.17", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T16:54:38.742Z"}, "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17."}], "source": {"advisory": "GHSA-6wpw-g8g6-wvrv", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-25T01:47:25.659814Z", "id": "CVE-2026-41079", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-25T01:47:44.540Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41079", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-25T01:47:25.659814Z"}}}], "references": [{"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-25T01:47:40.466Z"}}], "cna": {"title": "OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users", "source": {"advisory": "GHSA-6wpw-g8g6-wvrv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "OpenPrinting", "product": "cups", "versions": [{"status": "affected", "version": "< 2.4.17"}]}], "references": [{"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080", "name": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737", "name": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-24T16:54:38.742Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41079", "state": "PUBLISHED", "dateUpdated": "2026-04-25T01:47:44.540Z", "dateReserved": "2026-04-16T16:43:03.176Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-24T16:54:38.742Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CC76E8F-8DC0-4A44-A6EB-2C2C6CF289AC", "versionEndExcluding": "2.4.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17."}], "id": "CVE-2026-41079", "lastModified": "2026-04-27T13:40:54.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T17:16:21.340", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "cups: CUPS: Information disclosure via crafted SNMP response", "id": "2461611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461611"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Management Protocol (SNMP) response to the CUPS SNMP backend, leading to an out-of-bounds read. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then converted and stored as printer supply description strings. Authenticated users can subsequently view this leaked information through IPP Get-Printer-Attributes responses and the CUPS web interface."], "name": "CVE-2026-41079", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "cups", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Not affected", "package_name": "cups", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-04-24T16:54:38Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41079\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41079\nhttps://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3f080\nhttps://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a20737\nhttps://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv"], "statement": "This is a Low impact information disclosure flaw in CUPS, where a network-adjacent attacker can trigger an out-of-bounds read in the SNMP backend. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then accessible to authenticated users via the CUPS web interface or IPP responses. The impact is limited due to the network-adjacent attack vector, the requirement for authenticated access to view the leaked data and the small amount of leak information which is then garbled by the UTF-8 conversion. For the CUPS versions distributed with Red Hat supported products there's no availability impact as CUPS is not built with debugging mechanisms, such as address sanitizers or valgrind, which could lead the targeted application to crash.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.4.17)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "cups", "source": "cna", "vendor": "OpenPrinting"}, "product": "cups", "vendor": "openprinting"}], "analysis": {"en": {"generated_at": "2026-04-29T01:37:26.465072+00:00", "value": {"mitigation_remediation": ["Upgrade OpenPrinting CUPS to version 2.4.17 or later to apply the fix.", "If the SNMP backend is not required, disable the SNMP supply\u2011level polling feature.", "Restrict SNMP access to trusted hosts and users to limit the ability to send crafted SNMP responses."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Versions of OpenPrinting CUPS older than 2.4.17 are affected. The vulnerability applies to the CUPS SNMP backend used on Linux and other Unix\u2011like systems. Updating to CUPS 2.4.17 or newer eliminates the bug; no other versions are known to be impacted.", "description_and_impact": "OpenPrinting CUPS is an open source printing system for Linux and other Unix\u2011like operating systems. Prior to 2.4.17, an attacker adjacent to the network can send a crafted SNMP response to the CUPS SNMP backend that triggers an out\u2011of\u2011bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF\u201116 to UTF\u20118 and stored as printer supply description strings, which are then visible to authenticated users via IPP Get\u2011Printer\u2011Attributes responses and the CUPS web interface, illustrating a CWE\u2011125 (Out\u2011of\u2011Bounds Read) that results in a CWE\u2011200 (Information Exposure).", "risk_and_exploitability": "With a CVSS score of 4.3 the assessment rate is 'low' severity. The EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker must be a network\u2011adjacent actor able to send a crafted SNMP response to the CUPS SNMP backend and that authenticated access to the server is required to read the leaked supply descriptions. The exposure is limited to information disclosure, and this could aid further reconnaissance, as inferred from the nature of leaked data."}}}}, "created": "2026-04-27T20:30:12.049204+00:00", "updated": "2026-04-29T01:45:26.022320+00:00", "vendors": ["openprinting", "openprinting$PRODUCT$cups"]}