CVE-2026-5115

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-5115
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:papercut:papercut_mf_konica_minolta:*:*:*:*:*:*:*:*
History

03 Apr 2026, 18:11

Type Values Removed Values Added
First Time Papercut papercut Mf
Papercut papercut Mf Konica Minolta
Papercut
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
cpe:2.3:a:papercut:papercut_mf_konica_minolta:*:*:*:*:*:*:*:*
References () https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/ - () https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/ - Vendor Advisory

01 Apr 2026, 14:24

Type Values Removed Values Added
Summary
  • (es) El PaperCut NG/MF (específicamente, la aplicación integrada para dispositivos Konica Minolta) es vulnerable al secuestro de sesión. La aplicación integrada de PaperCut NG/MF es una interfaz de software que se ejecuta directamente en la pantalla táctil de un dispositivo multifunción. Se descubrió internamente que el canal de comunicación entre la aplicación integrada y el servidor era inseguro, lo que podría filtrar datos, incluida información sensible que podría usarse para montar un ataque en el dispositivo. Dicho ataque podría usarse potencialmente para robar datos o para realizar un ataque de phishing en el usuario final.

31 Mar 2026, 01:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-31 01:16

Updated : 2026-04-03 18:11

NVD link : CVE-2026-5115

Mitre link : CVE-2026-5115

CVE.ORG link : CVE-2026-5115

JSON object : View

Products Affected

papercut

  • papercut_mf
  • papercut_mf_konica_minolta
CWE
CWE-319

Cleartext Transmission of Sensitive Information