Vulnerability Description
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notification fails to reach the server, the server may reject the initial data chunk while erroneously accepting subsequent chunks before a connection reset completes. This leads to the registration of a truncated badge ID string. While this typically results in an authentication failure, the vulnerability is compounded in environments utilizing custom badge-ID post-processing scripts. In such configurations, the truncated string may be transformed into a valid ID belonging to a different user, leading to unauthorized session establishment (Incorrect User Login) on the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Papercut | Papercut Mf | < 24.1.9 |
| Papercut | Papercut Ng | < 24.1.9 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-6180?
CVE-2026-6180 is a vulnerability with a CVSS score of 8.1 (HIGH). A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence cou...
How severe is CVE-2026-6180?
CVE-2026-6180 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-6180?
Check the references section above for vendor advisories and patch information. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng.