CVE-2026-6418: CWE-36 Absolute path traversal in PaperCut PaperCut NG/MF
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file paths on the local file system. This allows for the enumeration of directory structures and the unauthorized reading of sensitive text-based configuration or system files. When the synchronization process is triggered, the application attempts to parse the contents of the specified file, subsequently exposing the data within the application's account management interface. This vulnerability could lead to the disclosure of sensitive system information or configuration details, depending on the permissions of the service account under which the application is running.
AI Analysis
Technical Summary
This vulnerability exists in PaperCut MF 25.0.4's Shared Account Synchronization feature, where administrative users can configure a source path for account data synchronization without proper validation or sanitization. This flaw permits an authenticated admin to specify arbitrary local file paths, leading to directory enumeration and unauthorized reading of sensitive text-based files. When synchronization runs, the application parses and exposes the file contents within its interface, potentially leaking sensitive system or configuration information depending on service account privileges.
Potential Impact
An authenticated user with administrative privileges can exploit this vulnerability to read arbitrary files on the local filesystem. This may result in disclosure of sensitive configuration or system information accessible to the service account running PaperCut MF. The vulnerability does not allow privilege escalation or remote code execution but can compromise confidentiality of sensitive data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted personnel only and carefully control which users have synchronization configuration privileges to reduce risk.
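One way to close the validation gap the description names, as an added example that is not PaperCut's code: a hypothetical `resolve_sync_source()` check that canonicalizes an admin-supplied source path and refuses anything that is absolute, that escapes the configured sync directory through `..` or a symlink, or that is not a regular file. The `demo_cases()` helper (also hypothetical) builds a constructed temporary directory to exercise each of those cases.

```python
import os
import tempfile

class SyncSourceError(ValueError):
    """Raised when an admin-supplied source path fails validation."""

def resolve_sync_source(configured: str, allowed_base: str) -> str:
    """Canonical path of `configured` if it is a regular file inside `allowed_base`."""
    # CWE-36: absolute paths are refused outright; the admin may only name
    # files relative to the directory the service was configured to read.
    if not configured or os.path.isabs(configured):
        raise SyncSourceError(f"absolute or empty path not allowed: {configured!r}")
    base = os.path.realpath(allowed_base)
    # realpath() resolves '..' segments and symlinks, so the containment test
    # sees where the file really lives, not how the path was spelled.
    resolved = os.path.realpath(os.path.join(base, configured))
    if os.path.commonpath([base, resolved]) != base:
        raise SyncSourceError(f"path escapes sync directory: {configured!r}")
    if not os.path.isfile(resolved):
        raise SyncSourceError(f"not a regular file: {configured!r}")
    return resolved

def demo_cases() -> dict:
    """Run the check over constructed inputs; returns {label: 'accepted' | 'rejected: why'}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        sync_dir = os.path.join(tmp, "sync")
        os.mkdir(sync_dir)
        with open(os.path.join(sync_dir, "accounts.txt"), "w") as f:
            f.write("Engineering\nMarketing\n")  # constructed account data
        outside = os.path.join(tmp, "server.conf")  # constructed file outside sync_dir
        with open(outside, "w") as f:
            f.write("db.password=placeholder\n")
        os.symlink(outside, os.path.join(sync_dir, "link.txt"))
        cases = {
            "relative file in sync dir": "accounts.txt",
            "absolute path": outside,
            "dot-dot escape": "../server.conf",
            "symlink escape": "link.txt",
            "directory, not a file": ".",
        }
        for label, path in cases.items():
            try:
                resolve_sync_source(path, sync_dir)
                results[label] = "accepted"
            except SyncSourceError as exc:
                results[label] = f"rejected: {exc}"
    return results
```

Only the relative file inside the sync directory is accepted; every other case is refused before the file is opened or parsed, which is the point at which the advisory says the disclosure happens.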
CVSS v4.0
Score: 4.6 (Medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: PaperCut
- Date Reserved: 2026-04-16T03:15:03.794Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f996efcbff5d8610d19729
Added to database: 5/5/2026, 7:06:23 AM
Last enriched: 6/16/2026, 7:36:09 AM
Last updated: 6/18/2026, 10:15:44 PM