Vulnerability Management, IoT, Network Security

New CUPS vulnerabilities threaten RCE, network breaches

A detailed view of a copiers network interface

(Adobe Stock)

Attackers could combine a pair of newly discovered vulnerabilities in the Common Unix Printing System used by Linux and other Unix-like systems to facilitate remote code execution and root file overwrite on the targeted network without authentication, reports The Register.

First of the CUPS security issues is CVE-2026-34980, which could be leveraged for print job submissions to a shared PostScript queue and subsequent RCE before being chained with the authorization flaw, tracked as CVE-2026-34990, that could permit to the queue a low-privileged account for eventual root file overwrite, according to an analysis from SpaceX security engineer Asim Viladi Oglu Manizada, who leveraged AI vulnerability hunting agents to discover the bugs.

While patches have yet to be issued to address the flaws affecting CUPS 2.4.16, organizations have been advised to use public commits that include fixes for the vulnerabilities. Meanwhile, Manizada noted the findings to indicate AI's promise in detecting code defects.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Related

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Address Resolution Protocol (ARP)BandwidthBastion HostCache PoisoningCellCollisionDecapsulationDisassemblyDomainDynamic Routing Protocol

You can skip this ad in 5 seconds