CVE-2026-39047
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in EPSON L14150 FL27PB via JetDirect RAW Printing

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: MITRE

Description
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-39047
EUVD
EUVD-2026-31118
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
epson l14150 fl27pb
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have several impacts including denial of service (DoS) by causing the printer to crash or become unstable.

More severely, it can allow a remote attacker to execute arbitrary code on the printer, potentially taking control of the device.

Such control could be used to disrupt printing services, exfiltrate data, or use the printer as a foothold for further attacks within a network.

Executive Summary

CVE-2026-39047 is a buffer overflow vulnerability found in the RAW Printing Service (JetDirect/AppSocket) of the EPSON L14150 FL27PB printer. This flaw allows a remote attacker to send specially crafted network payloads to TCP port 9100, which is used for raw printing jobs.

The vulnerability causes memory corruption in the printer's embedded printing parser, which processes these RAW print job payloads. This can lead to abnormal firmware behavior or instability.

Exploitation of this vulnerability can allow an attacker to execute arbitrary code remotely on the printer.

Detection Guidance

This vulnerability can be detected by monitoring for unusual traffic on TCP port 9100, which is used by the RAW Printing Service (JetDirect). Indicators include large or unexpected print jobs and the presence of embedded QR codes or other covert markers in print outputs.

Security professionals can use the PrintHack tool designed for testing this vulnerability. It allows sending custom Printer Command Language (PCL) payloads to printers via port 9100 to simulate attacks and assess printer security.

  • Monitor network traffic for unusual or large print jobs on port 9100.
  • Use PrintHack to test printer responses and detect abnormal behavior.
  • Check printer logs for unexpected commands or print jobs.
Mitigation Strategies

Immediate mitigation steps include implementing printer authentication to restrict access to the RAW Printing Service on port 9100.

Network segmentation should be applied to isolate printers from untrusted networks and limit exposure.

Regularly monitor printer logs and network traffic for suspicious activity related to port 9100.

Conduct regular security assessments and penetration testing using tools like PrintHack to identify and address vulnerabilities proactively.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-39047 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39047. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart