CVE-2026-6418
Awaiting Analysis Awaiting Analysis - Queue
Path Traversal in PaperCut MF Shared Account Sync

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: PaperCut

Description
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file paths on the local file system. This allows for the enumeration of directory structures and the unauthorized reading of sensitive text-based configuration or system files. When the synchronization process is triggered, the application attempts to parse the contents of the specified file, subsequently exposing the data within the application's account management interface. This vulnerability could lead to the disclosure of sensitive system information or configuration details, depending on the permissions of the service account under which the application is running.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6418
EUVD
EUVD-2026-27233
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
papercut papercut_mf 25.0.4
papercut papercut_ng *
papercut papercut_hive *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
CWE-36 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in PaperCut MF allows an authenticated administrative user to read arbitrary files on the local file system, potentially exposing sensitive configuration or system information. This unauthorized disclosure of sensitive data could lead to non-compliance with data protection regulations such as GDPR or HIPAA, which require strict controls over access to and protection of sensitive information.

Specifically, if the exposed files contain personal data or protected health information, the vulnerability could result in a breach of confidentiality obligations mandated by these standards. Organizations using affected versions of PaperCut MF should consider this risk when assessing their compliance posture.

Mitigation Strategies

To mitigate this vulnerability, ensure that only trusted administrative users have access to the Shared Account Synchronization component of PaperCut MF.

Apply the latest security patches or updates provided by PaperCut as soon as they become available to address this and other vulnerabilities.

Restrict the permissions of the service account under which the application runs to minimize the impact of unauthorized file access.

Executive Summary

This vulnerability exists in the Shared Account Synchronization component of PaperCut MF version 25.0.4. It allows an authenticated administrative user to specify arbitrary file paths on the local file system due to insufficient validation and sanitization of the source path for account data synchronization.

As a result, the user can enumerate directory structures and read sensitive text-based configuration or system files that they should not normally access.

When the synchronization process runs, it attempts to parse the contents of the specified file and exposes this data within the application's account management interface.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive system information or configuration details.

The impact depends on the permissions of the service account under which the application is running, but it could expose critical data that may aid further attacks or compromise system security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6418. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart