CVE-2026-4794

Name of the Vulnerable Software and Affected Versions PaperCut NG/MF versions prior to 25.0.10

Description The software contains multiple cross-site scripting (XSS) flaws. Authenticated administrator users can inject arbitrary web script or HTML code through various UI fields. This could lead to the compromise of other administrator sessions or the execution of unauthorized actions within the administrator's authenticated context, requiring an active login session.

Recommendations Update PaperCut NG/MF to version 25.0.10 or later.