- CVE: CVE-2026-14544
- CVSS: 9.8 (Critical · CVSSv3)
- Product: Red Hat Enterprise Linux 10
- Impact: Hplip: incomplete fix for cve-2026-8631
- Status: No confirmed exploitation yet
- EPSS: 0.5% (30-day)
- Action: Restricting access to the printing services to trusted users and networks.
TL;DR
Red Hat disclosed a critical HPLIP vulnerability, tracked as CVE-2026-14544, with a CVSS score of 9.8. The flaw lets a remote attacker reach arbitrary code execution or privilege escalation through crafted print data. Notably, it is an incomplete fix for the earlier CVE-2026-8631.
Why It Matters
HPLIP drives HP printers on many Linux desktops and servers. So this HPLIP vulnerability can give an attacker code execution on the host. The filter runs as the ‘lp’ user by default, which sets the privilege ceiling. Moreover, a network-exposed print service widens who can send the malicious job. So far, no public exploitation has been reported.
How the Attack Works
The bug sits in the hpcups component. An integer overflow triggers when hpcups parses specially crafted print data. As the Red Hat advisory explains, an attacker who can submit a print job to the filter path can then run code. Notably, the earlier patch for CVE-2026-8631 did not fully close this path.
Affected Versions
Red Hat lists HPLIP as affected across Red Hat Enterprise Linux 6 through 10. Other Linux distributions that ship HPLIP likely face the same risk. The related CVE-2026-8631 and CVE-2026-8632 already reached fixes in HPLIP 3.26.4.
Patch and Mitigation
Apply your distribution’s HPLIP update once it lands. Until then, restrict printing services to trusted users and networks. If you do not need HPLIP, removing the hplip package removes this HPLIP vulnerability, though it also disables printing.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.