Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-6418
Analyzed
More InfoOfficial Page
Source-eb41dac7-0af8-4f84-9f6d-0272772514f4
View Known Exploited Vulnerability (KEV) details
Published At-05 May, 2026 | 07:16
Updated At-12 May, 2026 | 15:53

An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchronization. Due to a lack of proper path validation and sanitization, an authenticated user with administrative privileges can specify arbitrary file paths on the local file system. This allows for the enumeration of directory structures and the unauthorized reading of sensitive text-based configuration or system files. When the synchronization process is triggered, the application attempts to parse the contents of the specified file, subsequently exposing the data within the application's account management interface. This vulnerability could lead to the disclosure of sensitive system information or configuration details, depending on the permissions of the service account under which the application is running.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches
PaperCut Software Pty Ltd
papercut
>>papercut_mf>>Versions before 25.0.11(exclusive)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
PaperCut Software Pty Ltd
papercut
>>papercut_ng>>Versions before 25.0.11(exclusive)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-36Secondaryeb41dac7-0af8-4f84-9f6d-0272772514f4
CWE-552Secondaryeb41dac7-0af8-4f84-9f6d-0272772514f4
CWE ID: CWE-36
Type: Secondary
Source: eb41dac7-0af8-4f84-9f6d-0272772514f4
CWE ID: CWE-552
Type: Secondary
Source: eb41dac7-0af8-4f84-9f6d-0272772514f4
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.papercut.com/kb/Main/papercut-ng-mf-and-papercut-hive-security-bulletin-may-2026/eb41dac7-0af8-4f84-9f6d-0272772514f4
Vendor Advisory
Mitigation
Hyperlink: https://www.papercut.com/kb/Main/papercut-ng-mf-and-papercut-hive-security-bulletin-may-2026/
Source: eb41dac7-0af8-4f84-9f6d-0272772514f4
Resource:
Vendor Advisory
Mitigation
Change History
0Changes found
Details not found