
CVE-2026-6418: CWE-36 Absolute path traversal in PaperCut PaperCut NG/MF

Severity: Medium
Tags: Vulnerability, CVE-2026-6418, CWE-36, CWE-552
Published: Tue May 05 2026 (05/05/2026, 06:21:37 UTC)
Source: CVE Database V5
Vendor/Project: PaperCut
Product: PaperCut NG/MF

Description

An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file paths on the local file system. This allows for the enumeration of directory structures and the unauthorized reading of sensitive text-based configuration or system files. When the synchronization process is triggered, the application attempts to parse the contents of the specified file, subsequently exposing the data within the application's account management interface. This vulnerability could lead to the disclosure of sensitive system information or configuration details, depending on the permissions of the service account under which the application is running.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/05/2026, 07:21:40 UTC

Technical Analysis

This vulnerability exists in PaperCut MF 25.0.4's Shared Account Synchronization feature, where administrative users can configure a source path for account data synchronization. Because the application does not properly validate or sanitize the specified file paths, an authenticated admin can perform absolute path traversal to read arbitrary text-based files on the local filesystem. When synchronization is triggered, the contents of these files are parsed and displayed in the account management interface, potentially disclosing sensitive system or configuration data. The impact depends on the permissions of the service account running the application. No known exploits are reported in the wild, and no patch or official remediation has been published yet.

Potential Impact

An authenticated user with administrative privileges can exploit this vulnerability to read arbitrary files on the local system where PaperCut MF is installed. This can lead to unauthorized disclosure of sensitive configuration or system information. The severity is rated medium (CVSS 4.6), reflecting limited impact due to required administrative access and lack of remote code execution or privilege escalation.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted users only and monitor configuration changes related to account synchronization paths. Avoid specifying untrusted or external file paths in synchronization settings.
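Defensive example added here (not PaperCut's code and not part of the advisory): an allow-list check for an admin-supplied synchronization source path that rejects absolute paths, `..` escapes and symlinks leading outside one fixed directory, which is the validation the description says is missing. `ALLOWED_SYNC_ROOT`, the helper names and the CSV/TXT allow-list are assumptions.

```python
"""Allow-list validation for an admin-configured sync source path (hypothetical helper)."""
import os
import tempfile
from pathlib import Path

# Constructed value: the only directory the service may read sync files from.
ALLOWED_SYNC_ROOT = "/var/lib/papercut-sync"
ALLOWED_SUFFIXES = {".csv", ".txt"}


def validate_sync_source(user_path: str, allowed_root: str = ALLOWED_SYNC_ROOT):
    """Return the canonical file path to read, or None if the input must be rejected.

    The weak behaviour is to open whatever string the admin configured; this version
    treats the input as a file name relative to a fixed root and re-checks after
    canonicalization, so '..' and symlink tricks cannot move the read outside it.
    """
    root = Path(allowed_root).resolve()
    if not user_path or "\x00" in user_path:
        return None
    if Path(user_path).is_absolute():          # CWE-36: absolute paths are never accepted
        return None
    candidate = (root / user_path).resolve()    # collapses '..' and follows symlinks
    try:
        candidate.relative_to(root)             # must still be under the root afterwards
    except ValueError:
        return None
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    return str(candidate)


def symlink_escape_is_rejected() -> bool:
    """A symlink inside the root that points outside it is caught because resolve() follows it."""
    with tempfile.TemporaryDirectory() as tmp:
        link = Path(tmp) / "accounts.csv"
        os.symlink("/etc/hostname", link)       # constructed outside target; need not exist
        return validate_sync_source("accounts.csv", tmp) is None


if __name__ == "__main__":
    for p in ["accounts.csv", "/etc/passwd", "../../etc/passwd", "sub/../accounts.txt"]:
        print(f"{p!r:>22} -> {validate_sync_source(p)}")
    print("symlink escape rejected:", symlink_escape_is_rejected())
```

Logging each rejected value alongside the admin account that submitted it gives the configuration-change monitoring the recommendations above ask for.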


Technical Details

Data Version: 5.2
Assigner Short Name: PaperCut
Date Reserved: 2026-04-16T03:15:03.794Z
CVSS Version: 4.0
State: PUBLISHED
Remediation Level: null

Threat ID: 69f996efcbff5d8610d19729

Added to database: 5/5/2026, 7:06:23 AM

Last enriched: 5/5/2026, 7:21:40 AM

Last updated: 5/5/2026, 8:12:01 AM
