CVE-2026-34990: CWE-287: Improper Authentication in OpenPrinting cups
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.
AI Analysis
Technical Summary
OpenPrinting CUPS versions up to 2.4.16 contain an authentication bypass vulnerability (CWE-287) where a local unprivileged user can coerce the cupsd service into authenticating to an attacker-controlled localhost IPP service using a reusable 'Authorization: Local' token. This token grants the ability to perform /admin/ requests locally. By combining the CUPS-Create-Local-Printer request with the printer-is-shared=true setting, an attacker can create a persistent printer queue with a file:/// URI, circumventing the FileDevice policy that normally rejects such URIs. Printing to this queue results in an arbitrary root file overwrite, demonstrated by dropping a sudoers fragment to achieve root command execution. No official patch or remediation is available at the time of this report.
Potential Impact
The vulnerability allows a local unprivileged attacker to escalate privileges to root by exploiting improper authentication and file overwrite capabilities in CUPS. This can lead to full system compromise on affected versions (<= 2.4.16). There are no known public exploits in the wild yet. The CVSS 4.0 base score is 5.0 (medium severity), reflecting the local attack vector and required privileges but significant impact if exploited.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users should monitor the OpenPrinting project for updates and advisories. Until a fix is released, restricting local user access to the CUPS service and limiting unprivileged user capabilities may reduce risk. Avoid running untrusted code locally that could attempt to exploit this issue.
CVE-2026-34990: CWE-287: Improper Authentication in OpenPrinting cups
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenPrinting CUPS versions up to 2.4.16 contain an authentication bypass vulnerability (CWE-287) where a local unprivileged user can coerce the cupsd service into authenticating to an attacker-controlled localhost IPP service using a reusable 'Authorization: Local' token. This token grants the ability to perform /admin/ requests locally. By combining the CUPS-Create-Local-Printer request with the printer-is-shared=true setting, an attacker can create a persistent printer queue with a file:/// URI, circumventing the FileDevice policy that normally rejects such URIs. Printing to this queue results in an arbitrary root file overwrite, demonstrated by dropping a sudoers fragment to achieve root command execution. No official patch or remediation is available at the time of this report.
Potential Impact
The vulnerability allows a local unprivileged attacker to escalate privileges to root by exploiting improper authentication and file overwrite capabilities in CUPS. This can lead to full system compromise on affected versions (<= 2.4.16). There are no known public exploits in the wild yet. The CVSS 4.0 base score is 5.0 (medium severity), reflecting the local attack vector and required privileges but significant impact if exploited.
Mitigation Recommendations
No official patch or remediation is currently available for this vulnerability. Users should monitor the OpenPrinting project for updates and advisories. Until a fix is released, restricting local user access to the CUPS service and limiting unprivileged user capabilities may reduce risk. Avoid running untrusted code locally that could attempt to exploit this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T19:38:31.618Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d031770a160ebd925d201a
Added to database: 4/3/2026, 9:30:31 PM
Last enriched: 4/11/2026, 9:21:41 AM
Last updated: 5/20/2026, 8:51:35 PM
Views: 105
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.