CVE-2026-6180 - PaperCut MF: Card truncation on HP readers

EPSS 0.04% · P12

I. Basic Information for CVE-2026-6180

Vulnerability Information

Vulnerability Title
PaperCut MF: Card truncation on HP readers
Source: NVD (National Vulnerability Database)
Vulnerability Description
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notification fails to reach the server, the server may reject the initial data chunk while erroneously accepting subsequent chunks before a connection reset completes. This leads to the registration of a truncated badge ID string. While this typically results in an authentication failure, the vulnerability is compounded in environments utilizing custom badge-ID post-processing scripts. In such configurations, the truncated string may be transformed into a valid ID belonging to a different user, leading to unauthorized session establishment (Incorrect User Login) on the device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Time-of-check Time-of-use (TOCTOU) Race Condition
Source: NVD (National Vulnerability Database)
Vulnerability Title
PaperCut MF Input Validation Error Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
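PaperCut MF is multifunction printer control software from PaperCut, an Australian company. PaperCut MF has an input validation error vulnerability. It stems from a race condition when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks, leading to the registration of a truncated badge ID string. In environments that use custom badge-ID post-processing scripts, the truncated string may be transformed into a valid ID belonging to a different user, leading to an unauthorized session being established on the device.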
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
PaperCut | PaperCut NG/MF | 0 ~ 24.1.9 | -

II. Public POCs for CVE-2026-6180

No public POC found.



Same Patch Batch · PaperCut · 2026-05-05 · 3 CVEs total

CVE-2026-7824: PaperCut Hive (Ricoh): Plain text password in logs
CVE-2026-6418: PaperCut NG/MF: Path Traversal in Shared Account Synchronization
