CVE-2026-4794 identifies multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF, a print management software widely used in enterprise environments. These vulnerabilities arise from improper neutralization of input during web page generation, classified under CWE-79. Authenticated administrator users can inject arbitrary web scripts or HTML code via different user interface fields, which are not properly sanitized or encoded before rendering. This flaw enables attackers to execute malicious scripts in the context of other administrators’ browsers, potentially compromising their sessions or enabling unauthorized administrative actions. The attack requires the attacker to have authenticated access with administrator privileges and an active login session, as well as some user interaction to trigger the malicious payload. The CVSS 4.0 base score is 2.1, reflecting low severity due to the limited attack vector and prerequisites. No known exploits have been reported in the wild, and no patches are linked in the provided data, though the vulnerability affects versions before 25.0.10, implying that upgrading to 25.0.10 or later is the recommended remediation. The vulnerability highlights the importance of proper input validation and output encoding in web applications, especially those handling administrative functions.

The primary impact of CVE-2026-4794 is the potential compromise of administrator sessions within PaperCut NG/MF environments. If exploited, attackers with administrator credentials could execute arbitrary scripts in other administrators’ browsers, leading to session hijacking, unauthorized configuration changes, or other malicious administrative actions. This could undermine the integrity and availability of print management services, potentially disrupting organizational workflows. However, the requirement for authenticated administrator access and user interaction significantly limits the attack surface and reduces the likelihood of widespread exploitation. Organizations with multiple administrators or shared administrative consoles are at higher risk, as the vulnerability could facilitate lateral privilege abuse or persistent unauthorized control. While confidentiality impact is limited to the administrative context, the integrity and availability of the system could be affected if attackers manipulate administrative settings or disrupt printing services.

To mitigate CVE-2026-4794, organizations should upgrade PaperCut NG/MF to version 25.0.10 or later, where the vulnerability is addressed. In the absence of immediate patching, administrators should restrict access to the PaperCut administrative interface using network segmentation, VPNs, or IP whitelisting to limit exposure. Implement multi-factor authentication (MFA) for administrator accounts to reduce the risk of credential compromise. Regularly audit administrator accounts and sessions to detect suspicious activity. Additionally, review and harden input validation and output encoding practices in any custom integrations or plugins interacting with PaperCut’s UI. Educate administrators to avoid clicking on suspicious links or inputting untrusted data in administrative fields. Monitoring web application logs for unusual input patterns can help detect attempted exploitation. Finally, consider deploying web application firewalls (WAFs) with rules tuned to detect and block XSS payloads targeting the PaperCut interface.