CVE-2026-14544 PUBLISHED

Hplip: incomplete fix for cve-2026-8631

Assigner: redhat
Reserved: 03.07.2026 Published: 03.07.2026 Updated: 03.07.2026

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Product Status

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected

Workarounds

To mitigate this vulnerability, consider restricting access to the printing services to trusted users and networks. If HPLIP is not required, removing the hplip package can eliminate the exposure. Note that removing hplip may affect printing functionality.

References

Problem Types

  • Integer Overflow or Wraparound CWE