{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-8631","assignerOrgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","state":"PUBLISHED","assignerShortName":"hp","dateReserved":"2026-05-14T18:58:13.857Z","datePublished":"2026-05-20T20:11:14.070Z","dateUpdated":"2026-06-30T12:10:53.335Z"},"containers":{"cna":{"providerMetadata":{"orgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","shortName":"hp","dateUpdated":"2026-05-20T20:11:14.070Z"},"title":"HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-122","description":"CWE-122: Heap-based Buffer Overflow","type":"CWE"}]}],"affected":[{"vendor":"HP Inc","product":"HP Linux Imaging and Printing Software","platforms":["Linux"],"versions":[{"status":"affected","version":"0","lessThan":"3.26.4","versionType":"custom"}],"defaultStatus":"affected"}],"cpeApplicability":[{"operator":"OR","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp_inc:hp_linux_imaging_and_printing_software:*:*:linux:*:*:*:*:*","versionStartIncluding":"0","versionEndExcluding":"3.26.4"}]}]}],"descriptions":[{"lang":"en","value":"A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data.","supportingMedia":[{"type":"text/html","base64":false,"value":"A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data."}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"CRITICAL","baseScore":9.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-21T03:55:54.973002Z","id":"CVE-2026-8631","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-21T13:03:29.429Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"}],"datePublic":"2026-05-20T20:11:14.070Z","descriptions":[{"lang":"en","value":"A flaw was found in HP Linux Imaging and Printing Software (HPLIP). An integer overflow in the hpcups processing path when handling crafted print data may lead to arbitrary code execution or privilege escalation on the affected system."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-8631"},{"name":"RHBZ#2480300","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480300"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8631.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26228"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26335"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26297"}],"solutions":[{"lang":"en","value":"RHSA-2026:26228: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:26335: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:26297: Red Hat Enterprise Linux AppStream (v. 9)"}],"timeline":[{"lang":"en","time":"2026-05-20T21:01:20.613Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-20T20:11:14.070Z","value":"Made public."}],"title":"HPLIP: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:10:53.335Z"}}]}}