CVE-2026-6180
Awaiting Analysis Awaiting Analysis - Queue
Race Condition in PaperCut MF Leading to Incorrect User Login

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: PaperCut

Description
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notification fails to reach the server, the server may reject the initial data chunk while erroneously accepting subsequent chunks before a connection reset completes. This leads to the registration of a truncated badge ID string. While this typically results in an authentication failure, the vulnerability is compounded in environments utilizing custom badge-ID post-processing scripts. In such configurations, the truncated string may be transformed into a valid ID belonging to a different user, leading to unauthorized session establishment (Incorrect User Login) on the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6180
EUVD
EUVD-2026-27231
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
papercut mf *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in PaperCut MF that occurs when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions, such as dropped packets and out-of-order sequence counters, the server may incorrectly handle fragmented data chunks. If a sequence reset notification does not reach the server, it may reject the initial data chunk but mistakenly accept subsequent chunks before the connection reset completes.

As a result, a truncated badge ID string can be registered. Normally, this causes an authentication failure. However, in environments using custom badge-ID post-processing scripts, the truncated string might be converted into a valid ID for a different user, allowing unauthorized session establishment and incorrect user login on the device.

Impact Analysis

The primary impact of this vulnerability is the potential for unauthorized access. Due to the race condition and the handling of truncated badge ID strings, an attacker could gain access to a device or system under the identity of another user.

This unauthorized session establishment can lead to security breaches, as users may gain access to resources or information they are not permitted to see or use.

Mitigation Strategies

To mitigate this vulnerability, users are advised to apply the latest security patches or updates provided by PaperCut.

Compliance Impact

The vulnerability in PaperCut MF can lead to unauthorized session establishment due to incorrect user login caused by truncated badge ID strings. This unauthorized access risk could potentially impact compliance with standards and regulations such as GDPR and HIPAA, which require strict controls on user authentication and access to sensitive information.

However, the provided context and resources do not explicitly discuss the effects of this vulnerability on compliance with common standards or regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6180. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart