CVE-2026-14544
Red Hat · Red Hat Enterprise Linux 10
An integer overflow in the HPLIP hpcups processing path allows a remote attacker to escalate privileges or execute arbitrary code via specially crafted print data.
Executive summary
A critical integer overflow vulnerability in Red Hat Enterprise Linux 10's HPLIP software permits remote attackers to achieve arbitrary code execution or privilege escalation.
Vulnerability
This is an integer overflow vulnerability within the HPLIP (HP Linux Imaging and Printing) software, specifically in the hpcups processing component. It stems from an incomplete fix for a prior vulnerability and enables remote attackers to trigger arbitrary code execution or escalate privileges by sending malicious print data.
Business impact
Arbitrary code execution at the system level is a critical threat, as it allows attackers to gain full control over affected machines. With a CVSS score of 9.8, this flaw represents a significant risk to the confidentiality, integrity, and availability of any system running RHEL 10 with the vulnerable printing components enabled.
Remediation
Immediate Action: Update Red Hat Enterprise Linux 10 to the latest available version that contains the corrected HPLIP packages.
Proactive Monitoring: Monitor system logs for unexpected crashes or unauthorized processes spawned by the printing service.
Compensating Controls: If patching cannot be performed immediately, disable the printing service or restrict network access to print services to trusted internal sources only.
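One way to check the network-access compensating control, as an added example that is not from Red Hat or the HPLIP project: it assumes the printing service is CUPS (the service that runs the hpcups filter) and reads its `Listen` and `Port` directives. The function names `audit_cups_listeners` and `sample_conf` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cupsd.conf listeners reachable from beyond the local host.
# Prints one "EXPOSED <directive> <value>" line per non-loopback listener.
audit_cups_listeners() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        {
            d = tolower($1); v = $2               # directive names are case-insensitive
            if (d == "port") {                    # Port N binds every interface
                print "EXPOSED Port " v; next
            }
            if (d != "listen") next
            if (v ~ /^\//) next                   # UNIX domain socket, local only
            lv = tolower(v)
            if (lv ~ /^(localhost|127\.[0-9.]+|\[::1\])(:[0-9]+)?$/) next
            print "EXPOSED Listen " v
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
Listen localhost:631
Listen /run/cups/cups.sock
Listen 192.0.2.10:631
Port 631
listen [::1]:631
EOF
}

# Stand-alone use: pass the path of the configuration file to audit.
if [ "$#" -gt 0 ]; then
    audit_cups_listeners "$1"
fi
```

On a typical installation the file to pass is `/etc/cups/cupsd.conf`. Empty output means only loopback and socket listeners are configured; firewall rules are not inspected.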
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability is highly dangerous due to the potential for remote code execution. Administrators should prioritize updating RHEL 10 systems to the latest version immediately to ensure the integer overflow protection is correctly implemented. If immediate patching is not feasible, restricting access to print services is a necessary temporary measure to contain the risk.