Security researchers have discovered two new vulnerabilities in the widely used CUPS printing system, which is deployed by default on Linux and Unix-like systems.
By combining these vulnerabilities, an attacker without login credentials can remotely execute code and ultimately gain full control over a system, according to The Register.
The issues were found in version 2.4.16 of CUPS. Although no official update is available yet, patches have been published to address the vulnerabilities. The discovery was made by a researcher who, using automated analysis tools, specifically searched for weaknesses in the system.
CUPS is used in many environments to manage print jobs, ranging from desktops to corporate networks. Precisely because the system is so widely used, security issues can have major consequences. This is particularly true in situations where printers are shared within a network, which is common in organizations.
Crafted print job
The first vulnerability exploits a default setting that allows print jobs to be accepted without authentication when the printer queue is shared. In such a configuration, an attacker can send a specially crafted print job and thereby execute code on the system. This, however, only grants limited privileges.
The second vulnerability lies in CUPS’s authorization handling. Here, a local user without elevated privileges can trick the system into connecting to a malicious print service. This allows files to be overwritten with root privileges. When this flaw is combined with the first vulnerability, an external attacker can gain full control.
According to The Register, it is difficult to estimate how many systems are actually vulnerable. However, it notes that the techniques required to exploit these vulnerabilities are now relatively easy to implement, partly because sample code is publicly available and modern AI tools can quickly convert it into working attacks.
The vulnerabilities illustrate a broader trend in cybersecurity. Automated systems are becoming increasingly effective at detecting software errors, while developers continue to struggle to resolve all identified issues in a timely manner. By targeting AI at specific steps within an attack chain—such as finding executable code and escalating privileges—the search process can be significantly accelerated.
Organizations using CUPS are therefore advised to critically review their configuration and, where possible, restrict access to shared printer queues. The official update should be installed as soon as it becomes available.
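One way to carry out that configuration review, as an added example that is not from the researcher or the CUPS project: the script below reads the text of `cupsd.conf` and `printers.conf` and reports the combination described above, a network-reachable listener plus a shared queue plus job submission without authentication. The sample file contents are constructed, and treating exactly this combination as "exposed" is an assumption of the example rather than a statement from the advisories.

```python
import re

# Constructed sample files for illustration; not taken from a real host.
SAMPLE_CUPSD = """Port 631
Listen /run/cups/cups.sock
<Policy default>
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>
</Policy>
"""
SAMPLE_PRINTERS = """<Printer office>
Shared Yes
</Printer>
<Printer lab>
Shared No
</Printer>
"""
LOCAL_ONLY = re.compile(r"^(/|localhost\b|127\.|\[::1\])", re.I)

def network_listeners(cupsd):
    """Listen/Port directives reachable from other hosts (Port binds all interfaces)."""
    out = []
    for m in re.finditer(r"^\s*(Listen|Port)\s+(\S+)", cupsd, re.M | re.I):
        if m.group(1).lower() == "port" or not LOCAL_ONLY.match(m.group(2)):
            out.append(f"{m.group(1)} {m.group(2)}")
    return out

def open_print_limits(cupsd):
    """<Limit> blocks that name job submission but carry no authentication."""
    out = []
    for ops, body in re.findall(r"<Limit\s+([^>]+)>(.*?)</Limit>", cupsd, re.S | re.I):
        submits = {"print-job", "create-job"} & set(ops.lower().split())
        authed = re.search(r"^\s*(Require\b|AuthType\s+(?!None\b))", body, re.M | re.I)
        if submits and not authed:
            out.append(ops.strip())
    return out

def shared_queues(printers):
    """Queue names explicitly marked 'Shared Yes' in printers.conf."""
    pat = r"<(?:Default)?Printer\s+(\S+)>(.*?)</(?:Default)?Printer>"
    blocks = re.findall(pat, printers, re.S | re.I)
    return [n for n, b in blocks if re.search(r"^\s*Shared\s+Yes\b", b, re.M | re.I)]

def audit(cupsd, printers):
    """Flag the host when all three conditions hold at once."""
    result = {"listeners": network_listeners(cupsd), "shared": shared_queues(printers),
              "open_limits": open_print_limits(cupsd)}
    result["exposed"] = all(result.values())
    return result
```

On a real host, pass the contents of `/etc/cups/cupsd.conf` and `/etc/cups/printers.conf` to `audit()`; the script only inspects explicit directives and does not model `<Limit All>` fallbacks or `<Location>` allow rules.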