CVE-2026-34979 MEDIUM

CVE-2026-34979: OpenPrinting CUPS: Heap overflow in `get_options()`

Vendor Openprinting
Product cups
Weakness CWE-122
Published April 3, 2026
Last update April 7, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.

Key dates

02Disclosure timeline

April 3, 2026 CVE published
April 7, 2026 Record updated