CVE-2026-39047
Buffer Overflow in EPSON L14150 FL27PB via JetDirect RAW Printing
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| epson | l14150 | fl27pb |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can have several impacts including denial of service (DoS) by causing the printer to crash or become unstable.
More severely, it can allow a remote attacker to execute arbitrary code on the printer, potentially taking control of the device.
Such control could be used to disrupt printing services, exfiltrate data, or use the printer as a foothold for further attacks within a network.
Can you explain this vulnerability to me?
CVE-2026-39047 is a buffer overflow vulnerability found in the RAW Printing Service (JetDirect/AppSocket) of the EPSON L14150 FL27PB printer. This flaw allows a remote attacker to send specially crafted network payloads to TCP port 9100, which is used for raw printing jobs.
The vulnerability causes memory corruption in the printer's embedded printing parser, which processes these RAW print job payloads. This can lead to abnormal firmware behavior or instability.
Exploitation of this vulnerability can allow an attacker to execute arbitrary code remotely on the printer.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual traffic on TCP port 9100, which is used by the RAW Printing Service (JetDirect). Indicators include large or unexpected print jobs and the presence of embedded QR codes or other covert markers in print outputs.
Security professionals can use the PrintHack tool designed for testing this vulnerability. It allows sending custom Printer Command Language (PCL) payloads to printers via port 9100 to simulate attacks and assess printer security.
- Monitor network traffic for unusual or large print jobs on port 9100.
- Use PrintHack to test printer responses and detect abnormal behavior.
- Check printer logs for unexpected commands or print jobs.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing printer authentication to restrict access to the RAW Printing Service on port 9100.
Network segmentation should be applied to isolate printers from untrusted networks and limit exposure.
Regularly monitor printer logs and network traffic for suspicious activity related to port 9100.
Conduct regular security assessments and penetration testing using tools like PrintHack to identify and address vulnerabilities proactively.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of CVE-2026-39047 on compliance with common standards and regulations such as GDPR or HIPAA.