OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.
References
| Link | Resource |
|---|---|
| https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr | Exploit Vendor Advisory |
| https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr | Exploit Vendor Advisory |
Configurations
History
16 Apr 2026, 18:29
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:* | |
| First Time |
Openprinting cups
Openprinting |
|
| References | () https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr - Exploit, Vendor Advisory |
06 Apr 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr - |
03 Apr 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-03 22:16
Updated : 2026-04-16 18:29
NVD link : CVE-2026-34978
Mitre link : CVE-2026-34978
CVE.ORG link : CVE-2026-34978
JSON object : View
Products Affected
openprinting
- cups
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')