Scanner gratuitement
MEDIUMCVE-2026-34990

OpenPrinting CUPS: Divulgation de token d'administrateur local dans CUPS via des imprimantes temporaires

Plateforme

linux

Composant

cups

Corrigé dans

2.4.17

AI Confidence: highNVDEPSS 0.0%Révisé: mai 2026
Voir sur NVD
Sauvegarder
Traduction vers votre langue…

CVE-2026-34990 describes a local privilege escalation vulnerability discovered in CUPS (Common Unix Printing System) versions 2.4.16 and prior. An attacker can leverage this flaw to gain root access by coercing the CUPS daemon into authenticating to a malicious IPP service and subsequently overwriting files. The vulnerability impacts Linux and other Unix-like operating systems utilizing CUPS, and a fix is available in version 2.4.17.

Impact et Scénarios d'Attaquetraduction en cours…

This vulnerability allows a local, unprivileged user to achieve arbitrary root file overwrite. The attack chain involves tricking the CUPS daemon (cupsd) into authenticating to a controlled IPP service using a reusable authorization token. This token then allows the attacker to submit /admin/ requests on localhost. Crucially, combining CUPS-Create-Local-Printer with printer-is-shared=true enables the creation of a persistent file:///... queue, bypassing normal file device policies. Printing to this queue results in arbitrary root file overwrite, effectively granting the attacker complete control over the system’s file system. This is a critical vulnerability due to its potential for complete system compromise.

Contexte d'Exploitationtraduction en cours…

This vulnerability was publicly disclosed on 2026-04-03. A proof-of-concept (PoC) is publicly available, demonstrating the exploit's feasibility. The vulnerability is not currently listed on CISA KEV, and its EPSS score is pending evaluation. Active exploitation campaigns have not been confirmed at the time of writing, but the availability of a PoC increases the risk of exploitation.

Qui Est à Risquetraduction en cours…

Systems running CUPS 2.4.16 and earlier are at risk, particularly those with local user accounts. Shared hosting environments utilizing CUPS are also vulnerable, as a compromised user account could potentially exploit this vulnerability to impact the entire host. Legacy systems or those with outdated CUPS installations are especially susceptible.

Étapes de Détectiontraduction en cours…

• linux / server:

journalctl -u cups | grep -i "authorization: local"

• linux / server:

lsof -i :631 | grep -i "attacker-controlled"

• linux / server:

ps aux | grep cupsd | grep -i "ipp://attacker-controlled"

Chronologie de l'Attaque

  1. Disclosure

    disclosure

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu
CISA KEVNO
Rapports1 rapport de menace

EPSS

0.01% (percentile 2%)

Logiciel Affecté

Composantcups
FournisseurOpenPrinting
Plage affectéeCorrigé dans
<= 2.4.16 – <= 2.4.162.4.17

Classification de Faiblesse (CWE)

CWE-287

Chronologie

  1. Réservé
  2. Publiée
  3. Modifiée
  4. EPSS mis à jour

Mitigation et Contournementstraduction en cours…

The primary mitigation is to upgrade CUPS to version 2.4.17 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restricting access to the /admin/ endpoint via firewall rules or access control lists can limit the attack surface. Monitoring CUPS logs for suspicious authentication attempts or printer creation activity is also recommended. While a WAF is unlikely to directly mitigate this, it could potentially detect and block malicious IPP requests. After upgrading, verify the fix by attempting to create a shared printer with a file:/// URI and confirming that the creation fails.

Comment corriger

Mettez à jour CUPS à la version 2.4.17 ou ultérieure pour atténuer la vulnérabilité. Cette mise à jour corrige la façon dont CUPS gère l'authentification des tokens, empêchant ainsi la divulgation de tokens d'administrateur local et l'exécution de commandes arbitraires.

Newsletter Sécurité CVE

Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.

Questions fréquentestraduction en cours…

What is CVE-2026-34990 — Arbitrary File Overwrite in CUPS 2.4.16?

CVE-2026-34990 is a local privilege escalation vulnerability in CUPS versions 2.4.16 and earlier, allowing an unprivileged user to overwrite arbitrary files as root.

Am I affected by CVE-2026-34990 in CUPS 2.4.16?

If you are running CUPS version 2.4.16 or earlier, you are potentially affected by this vulnerability. Upgrade to 2.4.17 or later to mitigate the risk.

How do I fix CVE-2026-34990 in CUPS 2.4.16?

The recommended fix is to upgrade CUPS to version 2.4.17 or later. As a temporary workaround, restrict access to the /admin/ endpoint and monitor CUPS logs.

Is CVE-2026-34990 being actively exploited?

While active exploitation campaigns have not been confirmed, a public proof-of-concept exists, increasing the likelihood of exploitation.

Where can I find the official CUPS advisory for CVE-2026-34990?

Refer to the OpenPrinting CUPS security advisory for detailed information and updates: https://www.openprinting.org/security/.

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitementRechercher des CVE