CVE-2026-27447
Received Received - Intake
Authorization Bypass in CUPS Daemon via Case-Insensitive Username

Publication date: 2026-04-03

Last updated on: 2026-04-22

Assigner: GitHub, Inc.

Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27447
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openprinting cups to 2.4.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the CUPS daemon (cupsd) of OpenPrinting CUPS versions 2.4.16 and earlier. It is caused by an authorization bypass due to case-insensitive username comparison during authorization checks.

Because the system treats usernames that differ only in letter case as equivalent, an unprivileged user can gain unauthorized access to restricted operations by using a username that differs only in case from an authorized user.

Impact Analysis

This vulnerability can allow an unprivileged user to perform restricted operations that they should not have access to by exploiting the case-insensitive username comparison.

Such unauthorized access could lead to unauthorized printing operations or manipulation of the printing system, potentially compromising system integrity or confidentiality.

Mitigation Strategies

At the time of publication, there are no publicly available patches for this vulnerability.

To mitigate the risk, consider restricting user account creation to avoid usernames that differ only in case from authorized users.

Additionally, monitor and limit access to the CUPS daemon to trusted users only, and apply strict access controls where possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27447. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart