This is getting a bit more urgent with privilege escalation and/or code
execution bugs:
https://www.openwall.com/lists/oss-security/2026/05/23/1
https://support.hp.com/us-en/document/ish_14942099-14942126-16/hpsbpi04118
> HP Linux Imaging and Printing Software – Potential Escalation of Privilege and
> Arbitrary Code Execution
>
> Potential security vulnerabilities have been identified in the HP Linux
> Imaging and Printing Software. These potential vulnerabilities may allow
> escalation of privileges and/or arbitrary code execution via command
> injection or buffer overflow.
>
> Severity: Critical
> HP Reference: HPSBPI04118 Rev. 1
> Release date: May 20, 2026
> Last updated: May 20, 2026
> Category: Print Software
>
> Reported by Mohamed Lemine Ahmed Jidou (AegisSec) (CVE-2026-8631)
> and Aisle Research (CVE-2026-8632).
>
> List of CVE IDs
> ---------------
>
> CVE ID: CVE-2026-8631
> CVSS: 9.3
> Severity: Critical
> Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
>
>
> CVE ID: CVE-2026-8632
> CVSS: 8.5
> Severity: High
> Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
>
>
> Resolution
> ----------
>
> HP has identified affected versions and the minimum software version that
> mitigates the potential vulnerabilities. See the affected product list below.
>
> Newer software versions might become available, and the minimum versions
> listed below might become obsolete. If a link becomes invalid, check the HP
> Software and Drivers Support site to obtain the latest update for your
> product model.
>
> HP recommends keeping your system up to date with the latest firmware and
> software.
>
> Affected products
> -----------------
>
> Product Name: HP Linux Imaging and Printing
> Updated Version: 3.26.4
> Download Link:
> https://developers.hp.com/hp-linux-imaging-and-printing/gethplip
The outdated hplip package is becoming a serious risk.
Alrighty then,
Thomas