COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-27351

CVE-2023-27351

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⌖ exploited in the wild shame 65/100 ransomwareexploited-in-wildunpatchedauth-bypass

PaperCut NG/MF allows remote attackers to bypass authentication via the SecurityRequestFilter class, enabling unauthorized access to print management systems.

This critical vulnerability allows remote attackers to bypass authentication on PaperCut NG/MF installations, potentially granting access to print management systems and exposing sensitive data. For DIB organizations, this poses a significant risk as it could lead to unauthorized access to print queues and potentially compromise the integrity of the print management infrastructure. Organizations should immediately patch affected systems and review their authentication mechanisms to prevent similar vulnerabilities.

Shame score — A critical authentication bypass vulnerability that was actively exploited and linked to ransomware, indicating a significant security oversight.

Players implicated

PaperCut · vendorNG/MF · product

Description

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.