CVE-2026-5115
Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
2th
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
| CWE | CWE-319 |
| Vendor | papercut |
| Product | papercut ng/mf |
| Published | Mar 31, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for papercut papercut ng/mf
Be the first to know when new unknown vulnerabilities affecting papercut papercut ng/mf are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
PaperCut / Papercut NG/MF
0 < 25.0.5 0 < 25.0.9 (KM certified)
References
Credits
Xavier Gibbon