Vulnerability Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory is converted from UTF-16 to UTF-8 and stored as printer supply description strings, which are subsequently visible to authenticated users via IPP Get-Printer-Attributes responses and the CUPS web interface. This vulnerability is fixed in 2.4.17.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openprinting | Cups | < 2.4.17 |
Related Weaknesses (CWE)
References
- https://github.com/OpenPrinting/cups/commit/b7c2525a885f528d243c3a92197ca99609b3Patch
- https://github.com/OpenPrinting/cups/commit/d7fe0f521ff3b24676511e747b058362b9a2Patch
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrvExploitMitigationPatch
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrvExploitMitigationPatch
FAQ
What is CVE-2026-41079?
CVE-2026-41079 is a vulnerability with a CVSS score of 4.3 (MEDIUM). OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP back...
How severe is CVE-2026-41079?
CVE-2026-41079 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41079?
Check the references section above for vendor advisories and patch information. Affected products include: Openprinting Cups.