OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-863"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27447.json"
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.4.16"
}
]
}[
{
"id": "CVE-2026-27447-a583b177",
"digest": {
"line_hashes": [
"176410143507355983294686101745328094369",
"115792395960735883771031320264469884721",
"135803717691476411825697998077932116207",
"15424156163291787898771581584915379929",
"120159171580599956410117718006041538495",
"225684204883454819845312418647600792057",
"167917337984149193837649330828183126558",
"42576025254109609475844479046551153644",
"203451318150926783078270546881530624118",
"83225245274089313078095274200200206486",
"21131427354955727502024260087251600933",
"98907988471480144369036382542787974728",
"231767634043447334001081408555918870490",
"147099455136125777772392495595352119725",
"124984009242917229298563710533862992123",
"176093930449248608742716230876999423999",
"116314721378060575864101780567823109522",
"25492270040618489791059604830968291741",
"40982160569122594518117613264420660995",
"231297760216475671602390663204719588686",
"56065336540310778795803205510786277516",
"2279732709940580555618036312256163999",
"283562889683504142252572169100790928288",
"270335933995058196395868664161701540741",
"160869365900250851240417119813137631545",
"14642659824781436975204801126160201989",
"68001646181108637465845052831812894087",
"62157241115842724479385905450330649141",
"149472562226488825573754007569635977410",
"205276668302131435168663366645767543537",
"55340116071575073625551515271516629609",
"262209548606140328929408740926690049984",
"108258868073512654495180403420069176282",
"44966827632852408863057524427078114142",
"42855598644245201361281865265195749468",
"318118673100323177856516085204320953977",
"208649811365641460174992021559223564598",
"70177316613792701867660416032538760833"
],
"threshold": 0.9
},
"target": {
"file": "scheduler/auth.c"
},
"signature_version": "v1",
"source": "https://github.com/openprinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2026-27447-ceea831d",
"digest": {
"length": 1656.0,
"function_hash": "301946086184399924173053728711547405119"
},
"target": {
"function": "cupsdCheckGroup",
"file": "scheduler/auth.c"
},
"signature_version": "v1",
"source": "https://github.com/openprinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2026-27447-d2a45f49",
"digest": {
"length": 8660.0,
"function_hash": "171918984847480217483569706055594429153"
},
"target": {
"function": "cupsdIsAuthorized",
"file": "scheduler/auth.c"
},
"signature_version": "v1",
"source": "https://github.com/openprinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220",
"deprecated": false,
"signature_type": "Function"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-27447.json"
"2026-07-11T07:55:42Z"