CVE-2026-5115
Session Hijacking in PaperCut NG/MF Embedded Application
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: PaperCut
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| papercut | papercut_mf | up to 25.0.5 (exclusive) |
| papercut | papercut_mf_konica_minolta | up to 25.0.9 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability affects the PaperCut NG/MF embedded application used on Konica Minolta multi-function devices. It involves session hijacking due to an insecure communication channel between the embedded application and the server. This insecure channel can leak sensitive data, which attackers could use to take over sessions or launch further attacks.
How can this vulnerability impact me?
This vulnerability could allow attackers to steal sensitive information or hijack user sessions on the device. Such attacks might lead to unauthorized access, data theft, or phishing attacks targeting end users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in the PaperCut NG/MF embedded application involves insecure communication channels that could leak sensitive information. Such leakage may lead to unauthorized data access or phishing attacks, which can compromise the confidentiality and integrity of personal or sensitive data.
This type of vulnerability could negatively impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require organizations to protect sensitive data against unauthorized access and ensure secure communication channels.