OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup

Description

A vulnerability, which was classified as problematic, was found in OpenPrinting CUPS up to 2.4.16 on Linux. This impacts an unknown function. Executing a manipulation can lead to incorrect authorization. This vulnerability is registered as CVE-2026-27447. It is possible to launch the attack remotely.

Affected Products

Vendor	Product	Versions
openprinting	cups	<= 2.4.16

References

https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9(x_refsource_CONFIRM)
https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220(x_refsource_MISC)

Related News (2 articles)

Tier C

VulDB6h ago

CVE-2026-27447 | OpenPrinting CUPS up to 2.4.16 on Linux authorization

→ No new info (linked only)

Tier B

BSI Advisories2d ago

[NEU] [mittel] CUPS: Mehrere Schwachstellen

→ No new info (linked only)

CVSS 3.14.8 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-863

PublishedApr 3, 2026

Last enriched6h agov2

Trending Score53

Source articles2

Independent2

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated description with new details and marked the vulnerability as actively exploited.

descriptionactivelyExploited

via VulDB

v16h ago

Initial creation

OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History