CVE-2026-4682: CWE-121 Stack-based buffer overflow in HP Inc HP DeskJet 2800e All-in-One Printer series
A stack-based buffer overflow vulnerability exists in the HP DeskJet 2800e All-in-One Printer series. This flaw arises from improper validation and handling of specially crafted Web Services for Devices (WSD) scan requests. WSD Scan is a Windows-based network scanning protocol that enables PCs to discover and send scan jobs to networked scanners and multifunction printers without vendor-specific drivers. The vulnerability could allow remote code execution without requiring user interaction or privileges. The CVSS 4. 0 base score is 8. 7, indicating high severity. No official patch or remediation guidance has been published by HP as of the provided data. There are no known exploits in the wild currently. The vulnerability affects network-exposed devices using the WSD scanning protocol.
AI Analysis
Technical Summary
CVE-2026-4682 is a high-severity stack-based buffer overflow vulnerability (CWE-121) in HP DeskJet 2800e All-in-One Printer series. It occurs due to improper validation of WSD scan requests, a Microsoft Windows network scanning protocol. This flaw can be triggered remotely without authentication, potentially leading to remote code execution on the affected device. The vulnerability is network accessible and does not require user interaction or privileges. No official patch or remediation level has been provided by HP at this time, and no known exploits have been reported in the wild.
Potential Impact
Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code on the affected HP DeskJet 2800e All-in-One Printer device. This could compromise the device's integrity and potentially allow further network pivoting or disruption of printing/scanning services. The vulnerability is rated high severity with a CVSS 4.0 score of 8.7. There are no reports of active exploitation currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the HP vendor advisory for current remediation guidance. Until an official fix is released, consider limiting network exposure of affected devices, especially restricting access to the WSD scanning service. Monitor HP's security advisories for updates on patches or mitigations. No vendor advisory states that no action is required or that the issue is already mitigated.
CVE-2026-4682: CWE-121 Stack-based buffer overflow in HP Inc HP DeskJet 2800e All-in-One Printer series
Description
A stack-based buffer overflow vulnerability exists in the HP DeskJet 2800e All-in-One Printer series. This flaw arises from improper validation and handling of specially crafted Web Services for Devices (WSD) scan requests. WSD Scan is a Windows-based network scanning protocol that enables PCs to discover and send scan jobs to networked scanners and multifunction printers without vendor-specific drivers. The vulnerability could allow remote code execution without requiring user interaction or privileges. The CVSS 4. 0 base score is 8. 7, indicating high severity. No official patch or remediation guidance has been published by HP as of the provided data. There are no known exploits in the wild currently. The vulnerability affects network-exposed devices using the WSD scanning protocol.
CVSS v4.0
Score 8.7high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-4682 is a high-severity stack-based buffer overflow vulnerability (CWE-121) in HP DeskJet 2800e All-in-One Printer series. It occurs due to improper validation of WSD scan requests, a Microsoft Windows network scanning protocol. This flaw can be triggered remotely without authentication, potentially leading to remote code execution on the affected device. The vulnerability is network accessible and does not require user interaction or privileges. No official patch or remediation level has been provided by HP at this time, and no known exploits have been reported in the wild.
Potential Impact
Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code on the affected HP DeskJet 2800e All-in-One Printer device. This could compromise the device's integrity and potentially allow further network pivoting or disruption of printing/scanning services. The vulnerability is rated high severity with a CVSS 4.0 score of 8.7. There are no reports of active exploitation currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the HP vendor advisory for current remediation guidance. Until an official fix is released, consider limiting network exposure of affected devices, especially restricting access to the WSD scanning service. Monitor HP's security advisories for updates on patches or mitigations. No vendor advisory states that no action is required or that the issue is already mitigated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- hp
- Date Reserved
- 2026-03-23T22:00:03.720Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dfa86082d89c981f539bdc
Added to database: 4/15/2026, 3:01:52 PM
Last enriched: 5/30/2026, 8:21:11 PM
Last updated: 5/30/2026, 10:57:09 PM
Views: 146
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.