PT-2026-30236 · Openprinting+3 · Cups+3

Manizada

·

Published

2026-04-01

·

Updated

2026-07-02

·

CVE-2026-34978

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions 2.4.16 and earlier
Description The RSS notifier allows path traversal in the 'notify-recipient-uri' parameter (for example, 'rss:///../job.cache'). This enables a remote IPP client to write RSS XML bytes outside the CacheDir/rss directory to any location that is lp-writable. Since CacheDir is typically group-writable by default, the notifier can replace root-managed state files using a temporary file and the rename() function. This can lead to the corruption of the job cache, causing the scheduler to fail and previously queued jobs to disappear after a restart of cupsd.
Recommendations Update the rootio-cups package to a fixed version.

Exploit

Fix

DoS

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-05582
CVE-2026-34978
ECHO-6ED2-4F33-7D2A
OESA-2026-1932
OESA-2026-1933
OESA-2026-2018
OESA-2026-2019
OESA-2026-2020
OESA-2026-2021
OPENSUSE-SU-2026:10589-1
RHSA-2026:8814
SUSE-SU-2026:2718-1
SUSE-SU-2026:2732-1
USN-8405-1

Affected Products

Cups
Linuxmint
Red Os
Ubuntu