🔐 CVE Alert

CVE-2026-4794

UNKNOWN 0.0

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
13th

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).

CWE CWE-79
Vendor papercut
Product papercut ng/mf
Published Mar 31, 2026
Last Updated Mar 31, 2026
Stay Ahead of the Next One

Get instant alerts for papercut papercut ng/mf

Be the first to know when new unknown vulnerabilities affecting papercut papercut ng/mf are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

PaperCut / PaperCut NG/MF
0 < 25.0.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗
papercut.com: https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/