CVE-2026-6418
Path Traversal in PaperCut MF Shared Account Sync
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: PaperCut
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| papercut | papercut_mf | 25.0.4 |
| papercut | papercut_ng | * |
| papercut | papercut_hive | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-36 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in PaperCut MF allows an authenticated administrative user to read arbitrary text-based files that the application's service account can access, potentially exposing sensitive configuration or system information. Such unauthorized disclosure can put an organization out of step with data protection regulations such as GDPR or HIPAA, which require strict controls over access to and protection of sensitive information.
Specifically, if the exposed files contain personal data or protected health information, the vulnerability could result in a breach of the confidentiality obligations those standards impose. Organizations running affected versions of PaperCut MF should account for this risk when assessing their compliance posture.
Can you explain this vulnerability to me?
This vulnerability exists in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The source path from which account data is synchronized is not sufficiently validated or sanitized, so an authenticated administrative user can supply an arbitrary path on the local file system, including an absolute path outside the directory the sync source is expected to live in (CWE-36).
As a result, that user can enumerate directory structures and read text-based configuration or system files they should not normally have access to.
When the synchronization process runs, it attempts to parse the contents of the specified file as account data, and the parsed content (or the parse errors it produces) is exposed within the application's account management interface. Only files readable by the account the PaperCut server runs as, and only those the parser can treat as text, are exposed this way.
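The pattern described above, as an added example that is not PaperCut's own code: a naive sync-source resolver that joins an admin-supplied path onto a base directory (and so silently accepts an absolute path, the CWE-36 case) next to a hardened resolver that rejects absolute input, resolves symlinks and `..`, and requires the result to stay under the allowed directory. The sandbox directory, the `accounts.txt` sync file and the `server.properties` file outside it are constructed for the demo; the function names are assumptions, not PaperCut identifiers.

```python
"""Added example: absolute-path traversal in a sync-source resolver (CWE-36),
a vulnerable resolver beside a hardened one. Hypothetical code written for
this page, not PaperCut's own implementation."""
import os
import tempfile
from pathlib import Path


def resolve_sync_source_naive(base_dir: str, configured_path: str) -> Path:
    """Vulnerable pattern: join an admin-supplied path onto the base directory.
    os.path.join discards base_dir entirely when configured_path is absolute,
    so '/etc/passwd' (or 'C:\\Windows\\win.ini' on Windows) is opened as-is."""
    return Path(os.path.join(base_dir, configured_path))


def resolve_sync_source_safe(base_dir: str, configured_path: str,
                             allowed_suffixes=(".txt", ".csv", ".tsv")) -> Path:
    """Hardened resolver: reject absolute input (drive letters count as
    absolute on Windows), resolve symlinks and '..', require the result to
    stay under base_dir, and accept only the text formats a sync source
    is expected to be."""
    if os.path.isabs(configured_path) or Path(configured_path).drive:
        raise ValueError("sync source must be a relative path")
    base = Path(base_dir).resolve()
    candidate = (base / configured_path).resolve()
    # relative_to raises ValueError when candidate is not inside base.
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"sync source escapes {base}") from None
    if candidate.suffix.lower() not in allowed_suffixes:
        raise ValueError("sync source must be a text-based account file")
    if not candidate.is_file():
        raise ValueError("sync source is not a regular file")
    return candidate


def read_sync_source(resolver, base_dir: str, configured_path: str) -> str:
    """Mimics the sync step: resolve the configured path, then read it."""
    return resolver(base_dir, configured_path).read_text()


def demo() -> dict:
    """Builds a constructed sandbox (an allowed sync directory holding
    accounts.txt, plus a 'secret' properties file outside it) and runs both
    resolvers against a legitimate path, an absolute path and a '..' path."""
    root = Path(tempfile.mkdtemp())
    sync_dir = root / "sync"
    sync_dir.mkdir()
    (sync_dir / "accounts.txt").write_text("ACME Corp,acme,10.00\n")  # constructed
    secret = root / "server.properties"
    secret.write_text("db.password=hunter2\n")  # constructed, outside sync_dir

    results = {}
    # A legitimate relative path works with both resolvers.
    results["naive_ok"] = read_sync_source(resolve_sync_source_naive, str(sync_dir), "accounts.txt")
    results["safe_ok"] = read_sync_source(resolve_sync_source_safe, str(sync_dir), "accounts.txt")
    # Absolute path: the naive resolver reads the secret, the hardened one refuses.
    results["naive_abs"] = read_sync_source(resolve_sync_source_naive, str(sync_dir), str(secret))
    try:
        read_sync_source(resolve_sync_source_safe, str(sync_dir), str(secret))
        results["safe_abs"] = "ALLOWED"
    except ValueError as exc:
        results["safe_abs"] = f"rejected: {exc}"
    # '..' inside a relative path is caught by the containment check.
    try:
        read_sync_source(resolve_sync_source_safe, str(sync_dir), "../server.properties")
        results["safe_dotdot"] = "ALLOWED"
    except ValueError as exc:
        results["safe_dotdot"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The containment check is done on the resolved path rather than on the string, so a symlink inside the sync directory that points outside it is rejected as well; the suffix allow-list is a second, independent limit on what the parser will ever be handed.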
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive system information or configuration details to an administrative user of the PaperCut application.
The reach is bounded by the file-system permissions of the service account the PaperCut server runs under: every text file that account can read is potentially exposed. Where that account runs with broad privileges, the exposed data (credentials in configuration files, for example) may aid further attacks or compromise the host.
What immediate steps should I take to mitigate this vulnerability?
Limit access to the Shared Account Synchronization configuration to the smallest possible set of trusted administrative users, and review the currently configured source path to confirm it points at the expected account-data file rather than an absolute path elsewhere on the system.
Apply the security patches or updates provided by PaperCut as soon as they are available for your version.
Run the PaperCut service under a dedicated, low-privilege service account with read access only to the directories it needs, so that any file read through this flaw is confined to what that account can see.