CVE-2026-34990: CWE-287: Improper Authentication in OpenPrinting cups
CVE-2026-34990 is an improper authentication vulnerability in OpenPrinting CUPS versions 2. 4. 16 and earlier. A local unprivileged user can trick the CUPS daemon (cupsd) into authenticating to a malicious localhost IPP service using a reusable Authorization: Local token. This token allows the attacker to perform administrative requests on localhost, including creating a local printer queue with a file URI that bypasses normal policy restrictions. Exploiting this can lead to arbitrary root file overwrites, enabling privilege escalation to root. No patches are publicly available at the time of this report.
AI Analysis
Technical Summary
OpenPrinting CUPS (Common UNIX Printing System) versions up to 2.4.16 contain an improper authentication vulnerability (CWE-287) where a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service using a reusable Authorization: Local token. This token grants the ability to perform /admin/ requests locally. By combining the CUPS-Create-Local-Printer request with the printer-is-shared=true setting, the attacker can create a printer queue with a file:/// URI, bypassing the FileDevice policy that normally rejects such URIs. Printing to this queue allows arbitrary root file overwrite, demonstrated by dropping a sudoers fragment to achieve root command execution. There are no known public patches or vendor advisories providing fixes at the time of publication.
Potential Impact
This vulnerability allows a local unprivileged user to escalate privileges to root by exploiting improper authentication and file overwrite capabilities in CUPS. The attacker can overwrite arbitrary root-owned files, potentially leading to full system compromise. The CVSS 4.0 base score is 5.0 (medium severity), reflecting the requirement for local access and some complexity in exploitation but significant impact if exploited.
Mitigation Recommendations
At the time of publication, no official patches or fixes are available for this vulnerability. Users should monitor the OpenPrinting project and vendor advisories for updates. Until a patch is released, restricting local user access to the CUPS service and limiting untrusted local user accounts may reduce risk. Avoid running untrusted code locally and consider disabling or restricting CUPS administration interfaces where possible.
CVE-2026-34990: CWE-287: Improper Authentication in OpenPrinting cups
Description
CVE-2026-34990 is an improper authentication vulnerability in OpenPrinting CUPS versions 2. 4. 16 and earlier. A local unprivileged user can trick the CUPS daemon (cupsd) into authenticating to a malicious localhost IPP service using a reusable Authorization: Local token. This token allows the attacker to perform administrative requests on localhost, including creating a local printer queue with a file URI that bypasses normal policy restrictions. Exploiting this can lead to arbitrary root file overwrites, enabling privilege escalation to root. No patches are publicly available at the time of this report.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
OpenPrinting CUPS (Common UNIX Printing System) versions up to 2.4.16 contain an improper authentication vulnerability (CWE-287) where a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service using a reusable Authorization: Local token. This token grants the ability to perform /admin/ requests locally. By combining the CUPS-Create-Local-Printer request with the printer-is-shared=true setting, the attacker can create a printer queue with a file:/// URI, bypassing the FileDevice policy that normally rejects such URIs. Printing to this queue allows arbitrary root file overwrite, demonstrated by dropping a sudoers fragment to achieve root command execution. There are no known public patches or vendor advisories providing fixes at the time of publication.
Potential Impact
This vulnerability allows a local unprivileged user to escalate privileges to root by exploiting improper authentication and file overwrite capabilities in CUPS. The attacker can overwrite arbitrary root-owned files, potentially leading to full system compromise. The CVSS 4.0 base score is 5.0 (medium severity), reflecting the requirement for local access and some complexity in exploitation but significant impact if exploited.
Mitigation Recommendations
At the time of publication, no official patches or fixes are available for this vulnerability. Users should monitor the OpenPrinting project and vendor advisories for updates. Until a patch is released, restricting local user access to the CUPS service and limiting untrusted local user accounts may reduce risk. Avoid running untrusted code locally and consider disabling or restricting CUPS administration interfaces where possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T19:38:31.618Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d031770a160ebd925d201a
Added to database: 4/3/2026, 9:30:31 PM
Last enriched: 4/3/2026, 9:45:28 PM
Last updated: 4/3/2026, 10:45:11 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.