Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2026-5115

Severity CVSS v4.0:
LOW
Type:
CWE-319 Cleartext Transmission of Sensitive Information
Publication date:
31/03/2026
Last modified:
03/04/2026

Description

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.<br /> <br /> It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.

Impact

Vector 4.0
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U CVSS v4.0 Severity and Metrics:

Base Score: 3.60 LOW
Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U

Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): Passsive
Confidentiality (VC): High
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): High
Integrity (SI): None
Availability (SA): None
Exploit Maturity (E): Unreported

Base Score 4.0
3.60
Severity 4.0
LOW
Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Base Score 3.x
7.50
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* 25.0.5 (excluding)
cpe:2.3:a:papercut:papercut_mf_konica_minolta:*:*:*:*:*:*:*:* 25.0.9 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools