CVE-2026-27447 MEDIUM

CVE-2026-27447: OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup

Vendor Openprinting
Product cups
Weakness CWE-863 · Incorrect authorization
Published April 3, 2026
Last update April 6, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the CUPS daemon (cupsd) contains an authorization bypass vulnerability caused by case-insensitive username comparison during authorization checks. An unprivileged user can gain unauthorized access to restricted operations by using an account whose username differs only in case from that of an authorized user. At the time of publication, there are no publicly available patches.
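The comparison flaw described above, shown as an added C example that is not CUPS source code: a case-folding membership check beside a byte-exact one, plus a helper that flags a grant resting only on case folding. The function names, the group list and the user names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Constructed sample data: members of a hypothetical restricted group. */
static const char *const admin_members[] = { "alice", "printop", NULL };

/* Weak form: folds case, so "Alice" is accepted as the member "alice". */
bool is_member_casefold(const char *user, const char *const *members)
{
  for (size_t i = 0; members[i] != NULL; i++)
    if (strcasecmp(user, members[i]) == 0)
      return true;
  return false;
}

/* Hardened form: byte-exact match; "Alice" and "alice" are distinct accounts. */
bool is_member_exact(const char *user, const char *const *members)
{
  for (size_t i = 0; members[i] != NULL; i++)
    if (strcmp(user, members[i]) == 0)
      return true;
  return false;
}

/* Audit helper: true when access would be granted only because of case folding. */
bool case_only_match(const char *user, const char *const *members)
{
  return is_member_casefold(user, members) && !is_member_exact(user, members);
}

int main(void)
{
  const char *const users[] = { "alice", "Alice", "bob", NULL };  /* constructed */

  for (size_t i = 0; users[i] != NULL; i++)
    printf("%-6s casefold=%d exact=%d case_only=%d\n", users[i],
           is_member_casefold(users[i], admin_members),
           is_member_exact(users[i], admin_members),
           case_only_match(users[i], admin_members));
  return 0;
}
```

On a host where account names are case-sensitive, any user for whom `case_only_match` returns true is a distinct account that the weak check would treat as the authorized one.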

Key dates

02 Disclosure timeline

April 3, 2026 CVE published
April 6, 2026 Record updated