CVE-2026-27447
OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
CVSS Score
4.8
EPSS Score
0.0%
EPSS Percentile
9th
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
| CWE | CWE-863 |
| Vendor | openprinting |
| Product | cups |
| Published | Apr 3, 2026 |
| Last Updated | Apr 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for openprinting cups
Be the first to know when new medium vulnerabilities affecting openprinting cups are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
OpenPrinting / cups
<= 2.4.16