CVE-2026-41079

low Red Hat
CVSS v3 Base Score
4.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 96% most likely to be exploited
Attack Characteristics
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Published: April 24, 2026 (76 days ago)
Last Modified: April 24, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in CUPS. A network-adjacent attacker can send a specially crafted Simple Network Management Protocol (SNMP) response to the CUPS SNMP backend, leading to an out-of-bounds read. This vulnerability allows for the disclosure of up to 176 bytes of sensitive memory, which is then converted and stored as printer supply description strings. Authenticated users can subsequently view this leaked information through IPP Get-Printer-Attributes responses and the CUPS web interface.

CWE

CWE-125

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4

References