CVE-2026-5115
Received Received - Intake
Session Hijacking in PaperCut NG/MF Embedded Application

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: PaperCut

Description
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an Β attack on the device.Β Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5115
EUVD
EUVD-2026-17273
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
papercut papercut_mf to 25.0.5 (exc)
papercut papercut_mf_konica_minolta to 25.0.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in the PaperCut NG/MF embedded application involves insecure communication channels that could leak sensitive information. Such leakage may lead to unauthorized data access or phishing attacks, which can compromise the confidentiality and integrity of personal or sensitive data.

This type of vulnerability could negatively impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require organizations to protect sensitive data against unauthorized access and ensure secure communication channels.

Executive Summary

The vulnerability affects the PaperCut NG/MF embedded application used on Konica Minolta multi-function devices. It involves session hijacking due to an insecure communication channel between the embedded application and the server. This insecure channel can leak sensitive data, which attackers could use to take over sessions or launch further attacks.

Impact Analysis

This vulnerability could allow attackers to steal sensitive information or hijack user sessions on the device. Such attacks might lead to unauthorized access, data theft, or phishing attacks targeting end users.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5115. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart