Fluid Attacks Database

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel10	cups	-	-
rpm rhel6	cups	-	-
debian 13	cups	=2.4.10-3 \|\| =2.4.10-3+deb13u1 \|\| =2.4.10-3+deb13u2 \|\| =2.4.10-4 \|\| =2.4.14-1 \|\| =2.4.15-1 \|\| =2.4.16-1 \|\| =2.4.17-1 \|\| =2.4.18-1	-
rpm rhel8	cups	-	-
debian 12	cups	=2.4.10-1 \|\| =2.4.10-2 \|\| =2.4.10-3 \|\| =2.4.10-4 \|\| =2.4.14-1 \|\| =2.4.15-1 \|\| =2.4.16-1 \|\| =2.4.17-1 \|\| =2.4.18-1 \|\| =2.4.2-3 \|\| =2.4.2-3+deb12u1 \|\| =2.4.2-3+deb12u2 \|\| =2.4.2-3+deb12u3 \|\| =2.4.2-3+deb12u4 \|\| =2.4.2-3+deb12u5 \|\| =2.4.2-3+deb12u6 \|\| =2.4.2-3+deb12u7 \|\| =2.4.2-3+deb12u8 \|\| =2.4.2-3+deb12u9 \|\| =2.4.2-4 \|\| =2.4.2-5 \|\| =2.4.2-6 \|\| =2.4.7-1 \|\| =2.4.7-1.1 \|\| =2.4.7-1.2 \|\| =2.4.7-2 \|\| =2.4.7-3	-
debian 14	cups	=2.4.10-3 \|\| =2.4.10-4 \|\| =2.4.14-1 \|\| =2.4.15-1 \|\| =2.4.16-1 \|\| >=0 <2.4.17-1	2.4.17-1
rpm rhel9	cups	-	-
rpm rhel7	cups	-	-
debian 11	cups	=2.3.3op2-3+deb11u1 \|\| =2.3.3op2-3+deb11u10 \|\| =2.3.3op2-3+deb11u2 \|\| =2.3.3op2-3+deb11u3 \|\| =2.3.3op2-3+deb11u4 \|\| =2.3.3op2-3+deb11u5 \|\| =2.3.3op2-3+deb11u6 \|\| =2.3.3op2-3+deb11u7 \|\| =2.3.3op2-3+deb11u8 \|\| =2.3.3op2-3+deb11u9 \|\| =2.3.3op2-4 \|\| =2.3.3op2-5 \|\| =2.3.3op2-6 \|\| =2.3.3op2-7 \|\| =2.4.10-1 \|\| =2.4.10-2 \|\| =2.4.10-3 \|\| =2.4.10-4 \|\| =2.4.14-1 \|\| =2.4.15-1 \|\| =2.4.16-1 \|\| =2.4.17-1 \|\| =2.4.18-1 \|\| =2.4.1op1-1 \|\| =2.4.1op1-2 \|\| =2.4.2-1 \|\| =2.4.2-2 \|\| =2.4.2-3 \|\| =2.4.2-4 \|\| =2.4.2-5 \|\| =2.4.2-6 \|\| =2.4.7-1 \|\| =2.4.7-1.1 \|\| =2.4.7-1.2 \|\| =2.4.7-2 \|\| =2.4.7-3	-
alpine v3.23	cups	=1.4.1-r0 \|\| =1.4.2-r0 \|\| =1.4.2-r1 \|\| =1.4.2-r2 \|\| =1.4.3-r0 \|\| =1.4.3-r1 \|\| =1.4.3-r2 \|\| =1.4.3-r3 \|\| =1.4.4-r0 \|\| =1.4.4-r1 \|\| =1.4.5-r0 \|\| =1.4.6-r0 \|\| =1.4.7-r0 \|\| =1.4.8-r0 \|\| =1.5.0-r0 \|\| =1.5.0-r1 \|\| =1.5.0-r2 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.2-r3 \|\| =1.5.3-r0 \|\| =1.5.4-r0 \|\| =1.5.4-r1 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.2-r0 \|\| =1.6.2-r1 \|\| =1.6.3-r0 \|\| =1.6.4-r0 \|\| =1.7.0-r0 \|\| =1.7.0-r1 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.3-r0 \|\| =1.7.3-r1 \|\| =1.7.4-r0 \|\| =1.7.5-r0 \|\| =2.0.0-r0 \|\| =2.0.1-r0 \|\| =2.0.2-r0 \|\| =2.0.2-r1 \|\| =2.0.2-r2 \|\| =2.0.3-r0 \|\| =2.0.4-r0 \|\| =2.1.0-r0 \|\| =2.1.1-r0 \|\| =2.1.2-r0 \|\| =2.1.3-r0 \|\| =2.1.3-r1 \|\| =2.1.4-r0 \|\| =2.2.1-r0 \|\| =2.2.1-r1 \|\| =2.2.10-r0 \|\| =2.2.11-r0 \|\| =2.2.12-r0 \|\| =2.2.12-r1 \|\| =2.2.12-r2 \|\| =2.2.2-r0 \|\| =2.2.2-r1 \|\| =2.2.2-r2 \|\| =2.2.3-r0 \|\| =2.2.3-r1 \|\| =2.2.4-r0 \|\| =2.2.5-r0 \|\| =2.2.5-r1 \|\| =2.2.6-r0 \|\| =2.2.9-r0 \|\| =2.3.3-r0 \|\| =2.3.3-r1 \|\| =2.3.3-r2 \|\| =2.3.3-r3 \|\| =2.3.3-r4 \|\| =2.4.0-r0 \|\| =2.4.1-r0 \|\| =2.4.1-r1 \|\| =2.4.10-r0 \|\| =2.4.10-r1 \|\| =2.4.11-r0 \|\| =2.4.12-r0 \|\| =2.4.13-r0 \|\| =2.4.16-r0 \|\| =2.4.2-r0 \|\| =2.4.2-r1 \|\| =2.4.2-r2 \|\| =2.4.2-r3 \|\| =2.4.2-r4 \|\| =2.4.2-r5 \|\| =2.4.2-r6 \|\| =2.4.2-r7 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.4-r0 \|\| =2.4.5-r0 \|\| =2.4.6-r0 \|\| =2.4.7-r0 \|\| =2.4.7-r1 \|\| =2.4.7-r2 \|\| =2.4.7-r3 \|\| =2.4.7-r4 \|\| =2.4.8-r0 \|\| =2.4.9-r0 \|\| >=0 <2.4.18-r0	2.4.18-r0

1-10 of 13

Aliases

1. CVE-2026-274472. NVD-2026-274473. OSV-2026-274474. OSV-DEBIAN-2026-274475. OSV-ALPINE-2026-274476. SECURITY-TRACKER-CVE-2026-274477. SECURITY-CVE-2026-27447

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.