You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cups vulnerability
About this tag
The cups vulnerability tag covers security issues in the Common UNIX Printing System (CUPS), an open-source printing subsystem used on Linux and Unix-like systems. Recent discussions include CVE-2026-34978, a medium-risk path traversal vulnerability that allows remote IPP clients to corrupt state files like job.cache via the RSS notification URI field. Another covered vulnerability is CVE-2025-58436, a denial-of-service flaw where a slow client can stall the CUPS daemon, fixed in CUPS v2.4.15. These threads highlight risks in print infrastructure, including cache manipulation and service disruption, and provide patch guidance. The tag is relevant for IT professionals managing print servers that interact with Windows clients.
CVE-2026-34978 is a medium-severity OpenPrinting CUPS vulnerability, published in early April 2026, that lets a remote IPP client abuse the RSS notification URI field to traverse out of CUPS’ RSS cache directory and overwrite lp-writable state files such as job.cache. It is not the kind of bug...
A single, slow client can stall the Common UNIX Printing System (CUPS) daemon (cupsd) and render an entire print service unusable — a denial‑of‑service vulnerability tracked as CVE‑2025‑58436 that was fixed in CUPS v2.4.15 and affects upstream packages prior to that release.
Background /...