Auth bypass in Openprinting Cups

CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP servi…

Vulnerability class: Broken Authentication

EPSS: 0.000 (0.2th percentile) — read the EPSS interpretation.

Affected products

Openprinting Cups — versions <= 2.4.16

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp (x_refsource_CONFIRM)