xiand.ai
April 13, 2026 · Updated 13:38 UTC
Cybersecurity

AI agents uncover remote code execution flaws in CUPS print servers

Security researchers have identified two vulnerabilities in the Common Unix Printing System that allow unauthenticated attackers to execute remote code and gain root access.

Ryan Torres


Security researcher Asim Viladi Oglu Manizada and a team of AI-driven vulnerability-hunting agents have discovered two critical flaws in the Common Unix Printing System (CUPS), the standard printing software used across Linux distributions and Apple devices.

These vulnerabilities, tracked as CVE-2026-34980 and CVE-2026-34990, can be chained to allow an unauthenticated attacker to execute code remotely over a network and achieve a root file overwrite. The flaws specifically affect CUPS version 2.4.16.

Vulnerability chain details

CVE-2026-34980 relies on the default CUPS policy, which accepts anonymous print-job requests when a printer queue is shared over a network. Manizada, a security engineer at SpaceX, noted that this configuration is common in corporate environments.

"This gives us the ability to target all the rich escaping and parsing logic on a shared queue without any authentication layer by default," Manizada explained in a recent analysis. Successful exploitation allows an attacker to achieve remote code execution with the privileges of the 'lp' user.

When combined with CVE-2026-34990—an authorization flaw present in the system's default configuration—an attacker can escalate their access to perform root file overwrites.

While an official patch for these vulnerabilities has not yet been released, public commits containing fixes for both issues are available for the open-source project.

Manizada warned that the accessibility of proof-of-concept (PoC) code in maintainer-released advisories, combined with the ability of large language models to rapidly generate exploits from technical writeups, makes these vulnerabilities a significant concern for system administrators.

"Given that the maintainer-released advisories contain the PoCs and that LLMs can now quickly convert writeups to PoCs, I'd expect this to be trivially exploitable on affected deployments," Manizada told The Register.

Although there are no current reports of active exploitation in the wild, the wide distribution of CUPS across Unix-like operating systems creates a broad target surface for potential attackers. Administrators of networked print servers are advised to monitor the OpenPrinting project for finalized security updates.
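While waiting for updates, an administrator can check whether a host meets the precondition the article gives for CVE-2026-34980: a queue shared over the network with no authentication on Print-Job. The following is an added example, not code from the article, the researcher or OpenPrinting; the sample `cupsd.conf` and `printers.conf` contents are constructed, and the check is a heuristic that ignores `<Location>` access rules and firewalls and does not test for either CVE.

```python
import re

# Constructed sample files (not from the article); directive names are standard CUPS.
CUPSD_CONF = """\
Listen localhost:631
Port 631
<Policy default>
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>
</Policy>
"""
PRINTERS_CONF = ("<Printer office-laser>\nShared Yes\n</Printer>\n"
                 "<Printer lab-plotter>\nShared No\n</Printer>\n")

def network_listeners(cupsd_conf):
    """Listen/Port values that are not loopback or a UNIX socket path."""
    local = ("localhost", "127.", "[::1]", "/")
    out = []
    for line in cupsd_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and (words[0].lower() == "port" or (
                words[0].lower() == "listen" and not words[1].lower().startswith(local))):
            out.append(words[1])
    return out

def shared_queues(printers_conf):
    """Queue names whose <Printer>/<DefaultPrinter> block says 'Shared Yes'."""
    blocks = re.findall(r"<(?:Default)?Printer\s+(\S+)>(.*?)</(?:Default)?Printer>",
                        printers_conf, re.S | re.I)
    return [name for name, body in blocks
            if re.search(r"^\s*Shared\s+Yes\s*$", body, re.M | re.I)]

def print_job_requires_auth(cupsd_conf, policy="default"):
    """True if the policy's <Limit> naming Print-Job sets AuthType (not None) or Require."""
    pol = re.search(r"<Policy\s+%s>(.*?)</Policy>" % re.escape(policy),
                    cupsd_conf, re.S | re.I)
    for ops, body in re.findall(r"<Limit\s+([^>]*)>(.*?)</Limit>",
                                pol.group(1) if pol else "", re.S | re.I):
        if "print-job" in ops.lower().split():
            return bool(re.search(r"^\s*(AuthType\s+(?!None\b)\S|Require\s)", body, re.M | re.I))
    return False

def audit(cupsd_conf, printers_conf):
    """Flag the precondition: network listener + shared queue + no auth on Print-Job."""
    found = {"listeners": network_listeners(cupsd_conf),
             "shared_queues": shared_queues(printers_conf),
             "anonymous_print_job": not print_job_requires_auth(cupsd_conf)}
    found["exposed"] = all(bool(v) for v in found.values())
    return found
```

On a real host, pass the contents of the server's own `cupsd.conf` and `printers.conf` to `audit()`; a result with `exposed` set to true means all three conditions hold.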
