CVE-2026-1997

Medium CVSS: 6.9

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource.

CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

Vendor

Product

M9l65a Firmware

CWE

CWE-346

Yayın Tarihi

2026-02-10 18:16:22

Güncelleme

2026-02-12 15:13:31

Source Identifier

hp-security-alert@hp.com

KEV Date Added

Kategoriler

CWE-346 M9l65a Firmware MEDIUM Hp 2026

Referanslar

https://support.hp.com/us-en/document/ish_14051823-14051849-16/hpsbpi04086

Benzer Kayıtlar

Medium

CVE-2026-2915

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability…

Medium

CVE-2026-1996

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled,…

High

CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC…

Medium

CVE-2025-11531

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. T…

Medium

CVE-2025-13492

A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerabil…

Medium

CVE-2025-12784

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering…