PaperCut NG/MF — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/papercut-ng/mf/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 05 May 2026 00:00:00 +0000Multiple Vulnerabilities in PaperCut Allow Data Confidentiality Breach and Security Policy Bypasshttps://feed.craftedsignal.io/briefs/2026-05-papercut-vulns/Tue, 05 May 2026 00:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-papercut-vulns/Multiple vulnerabilities in PaperCut Embedded App versions prior to 2.2.0 on Ricoh devices and PaperCut NG/MF versions prior to 25.0.11 allow attackers to compromise data confidentiality and bypass security policies, potentially leading to unauthorized access and control.Multiple vulnerabilities have been identified in PaperCut, a print management software, posing significant risks to data confidentiality and security policy enforcement. Specifically, PaperCut Embedded App versions prior to 2.2.0 on Ricoh devices and PaperCut NG/MF versions prior to 25.0.11 are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive data, bypass security controls, and potentially compromise the entire print management system. The vulnerabilities were disclosed in a PaperCut security bulletin released on May 5, 2026. Defenders should apply the vendor-provided patches to mitigate these risks.

Attack Chain

  1. An attacker identifies a vulnerable PaperCut NG/MF server or PaperCut Embedded App on a Ricoh device.
  2. The attacker exploits CVE-2026-6180, CVE-2026-6418 or CVE-2026-7824 to gain unauthorized access.
  3. Upon successful exploitation, the attacker bypasses authentication mechanisms.
  4. The attacker gains access to sensitive print job data, including documents and user information.
  5. The attacker modifies security policies to escalate privileges.
  6. The attacker gains control over print queues and system configurations.
  7. The attacker can intercept, modify, or delete print jobs.
  8. The attacker exfiltrates sensitive data.

Impact

Successful exploitation of these vulnerabilities could lead to a significant breach of data confidentiality, allowing attackers to access sensitive documents and user information. The bypassing of security policies could lead to unauthorized access and control over the print management system. This could result in the compromise of sensitive data, disruption of printing services, and potential reputational damage for organizations using vulnerable versions of PaperCut.

Recommendation

  • Immediately upgrade PaperCut NG/MF to version 25.0.11 or later to patch the identified vulnerabilities, as referenced in the PaperCut security bulletin.
  • Upgrade PaperCut Embedded App on Ricoh devices to version 2.2.0 or later.
  • Monitor web server logs for suspicious activity targeting PaperCut servers, focusing on HTTP requests associated with the exploitation of CVE-2026-6180, CVE-2026-6418, and CVE-2026-7824.
]]>highadvisoryvulnerabilitypapercutdata-breachsecurity-bypass