6.9

CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resources.

CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
Data provided by the National Vulnerability Database (NVD)
HpM9l65a Firmware Version < 001.2602a
   HpM9l65a Version-
HpD9l20a Firmware Version < 001.2602b
   HpD9l20a Version-
HpK7s32a Firmware Version < 001.2602b
   HpK7s32a Version-
HpD9l21a Firmware Version < 001.2602b
   HpD9l21a Version-
HpK7s42a Firmware Version < 001.2602b
   HpK7s42a Version-
HpT0g65a Firmware Version < 001.2602b
   HpT0g65a Version-
HpK7s39a Firmware Version < 001.2602b
   HpK7s39a Version-
HpJ6x83a Firmware Version < 001.2602b
   HpJ6x83a Version-
HpK7s43a Firmware Version < 001.2602b
   HpK7s43a Version-
HpK7s40a Firmware Version < 001.2602b
   HpK7s40a Version-
HpK7s41a Firmware Version < 001.2602b
   HpK7s41a Version-
HpT0g56a Firmware Version < 001.2602b
   HpT0g56a Version-
HpD9l63a Firmware Version < 001.2602b
   HpD9l63a Version-
HpD9l64a Firmware Version < 001.2602b
   HpD9l64a Version-
HpJ3p65a Firmware Version < 001.2602b
   HpJ3p65a Version-
HpJ3p66a Firmware Version < 001.2602b
   HpJ3p66a Version-
HpJ3p67a Firmware Version < 001.2602b
   HpJ3p67a Version-
HpJ3p68a Firmware Version < 001.2602b
   HpJ3p68a Version-
HpT0g70a Firmware Version < 001.2602b
   HpT0g70a Version-
HpG5j38a Firmware Version < 001.2602a
   HpG5j38a Version-
HpT1p99a Firmware Version < 001.2602a
   HpT1p99a Version-
HpL3t99a Firmware Version < 001.2602a
   HpL3t99a Version-
HpY0s19a Firmware Version < 001.2602a
   HpY0s19a Version-
HpG5j56a Firmware Version < 001.2602a
   HpG5j56a Version-
HpY0s18a Firmware Version < 001.2602a
   HpY0s18a Version-
HpD9l18a Firmware Version < 001.2602a
   HpD9l18a Version-
HpM9l66a Firmware Version < 001.2602a
   HpM9l66a Version-
HpM9l67a Firmware Version < 001.2602a
   HpM9l67a Version-
HpT0g46a Firmware Version < 001.2602a
   HpT0g46a Version-
HpJ6x76a Firmware Version < 001.2602a
   HpJ6x76a Version-
HpJ6x78a Firmware Version < 001.2602a
   HpJ6x78a Version-
HpJ6x80a Firmware Version < 001.2602a
   HpJ6x80a Version-
HpK7s37a Firmware Version < 001.2602a
   HpK7s37a Version-
HpM9l70a Firmware Version < 001.2602a
   HpM9l70a Version-
HpJ6x77a Firmware Version < 001.2602a
   HpJ6x77a Version-
HpJ6x81a Firmware Version < 001.2602a
   HpJ6x81a Version-
HpJ6x79a Firmware Version < 001.2602a
   HpJ6x79a Version-
HpK7s38a Firmware Version < 001.2602a
   HpK7s38a Version-
HpT0g47a Firmware Version < 001.2602a
   HpT0g47a Version-
HpT0g48a Firmware Version < 001.2602a
   HpT0g48a Version-
HpT0g49a Firmware Version < 001.2602a
   HpT0g49a Version-
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.002
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
hp-security-alert@hp.com 6.9 0 0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.