Critical Flaw Chain in Linux Printing System CUPS Enables Remote Root Access
Two newly disclosed vulnerabilities in OpenPrinting CUPS — discovered with AI assistance by a SpaceX security engineer — can be chained to allow an unauthenticated remote attacker to execute arbitrary code and overwrite files with root privileges. No official patch is yet available.
Background
CUPS (Common Unix Printing System) is the standard print server embedded across Linux and Unix-like operating systems, including enterprise server distributions and many desktop installations. Because the CUPS scheduler daemon (cupsd) runs with elevated system privileges, it has long been an attractive target for privilege escalation attacks.
This latest disclosure follows in the footsteps of security researcher Simone Margaritelli’s high-profile 2024 research, which chained several CUPS bugs to achieve unauthorized remote code execution and prompted widespread concern about the print system’s attack surface.
Discovery: AI-Assisted Vulnerability Hunting
Security researcher Asim Viladi Oglu Manizada, a security engineer at SpaceX, led a team of AI-powered vulnerability discovery agents that uncovered the two new flaws. Manizada published a detailed technical writeup on Sunday, April 6, 2026, and spoke with The Register about the findings.
“Given that the maintainer-released advisories contain the PoCs and that LLMs can now quickly convert writeups to PoCs, I’d expect this to be trivially exploitable on affected deployments.” — Asim Viladi Oglu Manizada, via The Register, April 6 2026
The bigger picture, as Manizada and several other security researchers have noted, is that AI is getting genuinely good at finding bugs in complex codebases — a trend with significant implications for how vulnerabilities will be discovered and weaponized going forward.
The Two Vulnerabilities
CVE-2026-34980 affects CUPS servers that are network-exposed and configured with a shared PostScript print queue. By default, CUPS accepts anonymous print job requests on shared queues, creating a significant unauthenticated attack surface.
The root cause is a parsing vulnerability in how CUPS handles print job attributes. An attacker sends a print job containing a page-border value with an embedded newline character. CUPS prefixes newlines with a backslash for escaping, then strips the backslash when it later re-parses the option string — meaning the newline survives the full round trip through the system. CUPS additionally treats lines beginning with PPD: as trusted scheduler control records, allowing the injected newline to be interpreted as a configuration command. A follow-up raw print job can then instruct CUPS to execute an attacker-chosen binary (for example, /usr/bin/vim) as the lp service account, achieving remote code execution.
Manizada notes that exposing a shared PostScript queue to the network is a deliberate configuration choice, more commonly found in corporate networked printing environments than on typical desktops.
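A simplified model of the escape and re-parse round trip described above, added here as an illustration and not taken from CUPS source or the advisories. The function names and the sample value are constructed, and the intake validation shown is one possible hardening, not the upstream fix.

```python
def escape_value(value: str) -> str:
    """Intake step (modelled): prefix backslashes and newlines with a backslash."""
    out = []
    for ch in value:
        if ch in ("\\", "\n"):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def reparse_value(escaped: str) -> str:
    """Later step (modelled): drop each escaping backslash, keep what follows."""
    out, i = [], 0
    while i < len(escaped):
        if escaped[i] == "\\" and i + 1 < len(escaped):
            i += 1                      # the backslash is stripped here
        out.append(escaped[i])          # ...but the raw newline is kept
        i += 1
    return "".join(out)

def control_records(message: str) -> list[str]:
    """Line-oriented consumer that trusts any line beginning with 'PPD:'."""
    return [ln for ln in message.split("\n") if ln.startswith("PPD:")]

def round_trip(value: str) -> list[str]:
    """Escape, re-parse, then hand the option string to the line consumer."""
    option = "page-border=" + reparse_value(escape_value(value))
    return control_records(option)

def validate_value(value: str) -> str:
    """Hardened intake (assumption): refuse control characters outright."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in option value")
    return value

# Constructed sample: a newline followed by a placeholder record.
SAMPLE = "double\nPPD: constructed-placeholder"

if __name__ == "__main__":
    print(round_trip("double"))   # no record: ordinary value
    print(round_trip(SAMPLE))     # the newline survived, a 'PPD:' line appears
```

Escaping followed by a later unescape is not sanitisation: the value has to be rejected, or kept encoded, all the way to the component that splits on newlines.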
CVE-2026-34990 is more broadly impactful because it works against the default CUPS configuration, requiring no special setup. Any local, unprivileged user can trigger it.
The attacker creates a fake, temporary local printer that listens on a specific TCP port. When CUPS attempts to validate this new printer, the attacker intercepts the authentication step and tricks cupsd into connecting to their controlled localhost IPP service. CUPS hands over a reusable Authorization: Local token — which grants the ability to issue /admin/ management requests on localhost.
Armed with this token, the attacker uses CUPS-Create-Local-Printer combined with printer-is-shared=true to persist a print queue pointing to a sensitive file path (e.g. file:///etc/sudoers.d/). The system’s normal FileDevice policy would ordinarily reject such a URI, but the security check is bypassed because CUPS stores the URI before verifying it, and the shared flag clears the temporary state before the check runs. By exploiting this race condition, the attacker prints directly into a protected system file — for example, dropping a malicious sudoers fragment — achieving arbitrary root file overwrite.
The Full Attack Chain
When combined, the two vulnerabilities allow a completely unauthenticated, unprivileged remote attacker to gain full root-level file write access over the network:
- lp user
- lp foothold: fake local printer created, CUPS coerced into exposing reusable Authorization: Local token
- file:///etc/sudoers.d/ print queue; race condition exploited to bypass FileDevice URI security check
Scope and Prerequisites
It is important to understand the prerequisites for the full remote exploit chain. CVE-2026-34980 requires the CUPS server to be reachable over the network and configured to expose a shared PostScript queue. This is not the default desktop configuration, but is realistic in corporate or server environments with networked printing.
CVE-2026-34990, however, works against default CUPS configurations and requires only local, unprivileged access — making it significant even without the remote component. When chained via CVE-2026-34980, the attack becomes fully remote and requires no credentials at any step.
Manizada told The Register he has not personally observed signs of exploitation in the wild as of publication, but given that public proof-of-concept code is available in the official maintainer advisories, the window before active exploitation narrows quickly.
Patch Status
Both vulnerabilities were publicly disclosed on April 3, 2026. As of April 7, 2026, no official patched release of CUPS is available. Fix commits have been pushed to the public OpenPrinting CUPS repository, and CUPS maintainer Michael Sweet has published security advisories, but a formal release incorporating the patches has not yet shipped. Affected version: CUPS 2.4.16 and all prior versions.
Recommended Mitigations
Until official patches are released, administrators should take the following steps immediately:
- Disable network exposure for CUPS. If printing services do not need to be accessible over the network, block or disable CUPS’s network-facing interfaces at the firewall level. This eliminates the attack surface for CVE-2026-34980 entirely.
- Do not share PostScript queues without authentication. If network printing is required, enforce strict authentication on all shared queues. Remove any anonymous or open print queue configurations.
- Enable AppArmor or SELinux for CUPS. Confining the cupsd process under a mandatory access control profile (AppArmor on Ubuntu/Debian, SELinux on RHEL/CentOS) restricts which files the service can access, significantly reducing the impact of CVE-2026-34990 even if initial access is gained.
- Monitor for patches and apply immediately. Watch the OpenPrinting security advisories and your Linux distribution’s security channels. Apply official patches as soon as they are available.
- Audit /etc/sudoers.d/ and sensitive system files. Check for unexpected files or entries that could indicate prior exploitation of CVE-2026-34990 on systems where CUPS has been accessible to local users.
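One way to script the configuration side of these checks, added here as an example and not part of the original advisory. It parses the text of printers.conf and cupsd.conf (assumed to live under /etc/cups/ on the host being audited) and reports queues with file: device URIs and listeners that are not loopback or a Unix socket; the sample configuration is constructed.

```python
import re

LOOPBACK = ("localhost", "127.0.0.1", "[::1]")

def risky_queues(printers_conf: str) -> list[dict]:
    """Return queues in printers.conf whose DeviceURI uses the file: scheme."""
    findings, current = [], None
    for raw in printers_conf.splitlines():
        line = raw.strip()
        m = re.match(r"<(?:Default)?Printer\s+(.+)>$", line)
        if m:
            current = {"name": m.group(1), "uri": "", "shared": False}
        elif line.startswith("</") and current:
            if current["uri"].lower().startswith("file:"):
                findings.append(current)
            current = None
        elif current and line.startswith("DeviceURI "):
            current["uri"] = line.split(None, 1)[1]
        elif current and line.startswith("Shared "):
            current["shared"] = line.split(None, 1)[1].lower() == "yes"
    return findings

def network_listeners(cupsd_conf: str) -> list[str]:
    """Return Listen/Port directives that are not loopback or a Unix socket."""
    hits = []
    for raw in cupsd_conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) != 2 or parts[0].lower() not in ("listen", "port"):
            continue
        addr = parts[1]
        host = addr.rsplit(":", 1)[0].lower()
        # "Port N" binds every interface; "Listen" is checked by host part.
        if parts[0].lower() == "port" or not (addr.startswith("/") or host in LOOPBACK):
            hits.append(" ".join(parts))
    return hits

# Constructed sample configuration, for illustration only.
SAMPLE_PRINTERS = """\
<Printer office-ps>
DeviceURI ipp://printer.example/ipp/print
Shared Yes
</Printer>
<Printer tmpq>
DeviceURI file:///etc/sudoers.d/
Shared Yes
</Printer>
"""
SAMPLE_CUPSD = "Listen localhost:631\nListen /run/cups/cups.sock\nPort 631\n"
```

On a real host, pass the contents of the two files to these functions and treat any file: queue you did not create, or any unexpected listener, as a reason to inspect /etc/sudoers.d/ and the CUPS logs.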
Context: AI’s Growing Role in Vulnerability Research
This disclosure is notable not only for the severity of the bugs but for how they were found. Manizada’s use of AI agents to automate and accelerate vulnerability discovery signals a broader shift in the security landscape. AI-assisted tooling is lowering the barrier both for defenders hunting bugs and for potential attackers converting technical writeups into working exploits — a dynamic that makes rapid patching and mitigation more critical than ever.
