Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Remote Code Execution Vulnerability in CUPS Exposed

Remote Code Execution Vulnerability in CUPS Exposed

Posted on April 8, 2026 By CWS

An alarming vulnerability chain within the Common Unix Printing System (CUPS) has been identified, allowing remote attackers to execute malicious code with root-level access. This issue poses a significant threat to systems running CUPS versions 2.4.16 and earlier.

Discovery of Critical Flaws

Security researcher Asim Viladi Oglu Manizada and his team uncovered two zero-day vulnerabilities, designated as CVE-2026-34980 and CVE-2026-34990. These flaws, affecting older versions of CUPS, enable a sophisticated assault that transforms a network breach into full system control.

The attack exploits outdated print queues and manipulates localhost authentication, thereby elevating an initial unauthorized access into a comprehensive takeover.

Exploiting Legacy Print Queues

The initial phase of the attack targets CVE-2026-34980. By exploiting CUPS’s default settings, which accept anonymous print jobs over a network-exposed shared PostScript queue, attackers can bypass authentication.

This vulnerability arises from a parsing error where embedded newline characters in job attributes bypass the system’s escaping process. This allows attackers to inject malicious commands into trusted control records.

Subsequently, attackers can execute remote code by inserting a harmful filter entry into the PostScript Printer Description file, gaining control as the unprivileged ‘lp’ service user.

Privilege Escalation and Mitigation

After gaining initial access, the attacker can exploit CVE-2026-34990 to escalate privileges from the ‘lp’ user to root access. The default CUPS policy permits low-privilege users to direct the service to create temporary local printers on the localhost without administrative consent.

By setting up a rogue printer listener, attackers can intercept the setup and manipulate the CUPS daemon into using a local authorization token to bypass device URI restrictions. This results in an unauthorized overwrite of sensitive system files.

As of April 2026, no patches have been released to address these vulnerabilities. However, administrators can mitigate risks by disabling shared legacy queues, limiting network exposure, and enforcing strict authentication for print jobs.

Implementing stringent access controls through systems like AppArmor or SELinux can further restrict compromised processes from affecting critical files.

Stay updated with the latest cybersecurity developments by following us on Google News, LinkedIn, and X, or contact us to share your stories.

Cyber Security News Tags:AppArmor, authentication bypass, CUPS, CVE-2026-34980, CVE-2026-34990, cyber threats, Cybersecurity, network security, remote code execution, root access, security research, SELinux, Vulnerability, zero-day

Post navigation

Previous Post: AI Discovers Decade-Old RCE Flaw in Apache ActiveMQ
Next Post: North Korean Hackers Launch 1,700 Malicious Packages

Related Posts

LLM-enabled MalTerminal Malware Leverages GPT-4 to Generate Ransomware Code LLM-enabled MalTerminal Malware Leverages GPT-4 to Generate Ransomware Code Cyber Security News
Perseus Malware Threatens Android Devices Globally Perseus Malware Threatens Android Devices Globally Cyber Security News
Key Cybersecurity Vendors to Watch at RSA 2026 Key Cybersecurity Vendors to Watch at RSA 2026 Cyber Security News
Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware Beware of Weaponized AI Tool Installers That Infect Your Devices With Ransomware Cyber Security News
Global Crackdown on Crimenetwork Reveals Thousands of Users Global Crackdown on Crimenetwork Reveals Thousands of Users Cyber Security News
Hackers Using Calendly-Themed Phishing Attack to Steal Google Workspace Account Hackers Using Calendly-Themed Phishing Attack to Steal Google Workspace Account Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark