PT-2026-36983 · Papercut · Papercut Mf

Published 2026-05-05 · Updated 2026-05-12 · CVE-2026-6418

CVSS v3.1: 4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PaperCut MF version 25.0.4

Description

An issue in the Shared Account Synchronization component allows authenticated administrative users to specify arbitrary file paths on the local file system due to insufficient path validation and sanitization. By configuring a malicious source path, an attacker can enumerate directory structures and read sensitive text-based system or configuration files. When the synchronization process is triggered, the application parses the file contents and displays the data within the account management interface, potentially disclosing sensitive information based on the service account's permissions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Files Accessible to External Parties

Related Identifiers

CVE-2026-6418

Affected Products

Papercut Mf