CVE-2026-4682 - Vulnerability Details - OpenCVE

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_14744451-14744475-16

History

Wed, 15 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.
Title		Certain HP DeskJet All In One (AIO) Devices – Potential Remote Code Execution & Potential Buffer Overflow
Weaknesses		CWE-121
References		https://support.hp.com/us-en/document/ish_14744451-14744475-16
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2026-04-15T14:32:31.348Z

Updated: 2026-04-15T18:45:14.071Z

Reserved: 2026-03-23T22:00:03.720Z

Link: CVE-2026-4682

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-15T15:16:42.800

Modified: 2026-04-15T15:16:42.800

Link: CVE-2026-4682

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4682", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "dateReserved": "2026-03-23T22:00:03.720Z", "datePublished": "2026-04-15T14:32:31.348Z", "dateUpdated": "2026-04-15T18:45:14.071Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2026-04-15T14:32:31.348Z"}, "title": "Certain HP DeskJet All In One (AIO) Devices \u2013 Potential Remote Code Execution & Potential Buffer Overflow", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "type": "CWE"}]}], "affected": [{"vendor": "HP Inc", "product": "HP DeskJet 2800e All-in-One Printer series", "versions": [{"status": "affected", "version": "0", "lessThan": "<2612A", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "HP Inc", "product": "HP DeskJet 4200 All-in-One Printer series", "versions": [{"status": "affected", "version": "0", "lessThan": "<2612A", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "HP Inc", "product": "HP DeskJet Ink Advantage 4200 All-in-One Printer series", "versions": [{"status": "affected", "version": "0", "lessThan": "<2612A", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "HP Inc", "product": "HP DeskJet 4200e All-in-One Printer series", "versions": [{"status": "affected", "version": "0", "lessThan": "<2612A", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "HP Inc", "product": "HP DeskJet Ink Advantage Ultra 4900 series", "versions": [{"status": "affected", "version": "0", "lessThan": "<2612A", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "HP Inc", "product": "HP DeskJet Ink Advantage 2800 All-in-One Printer series", "versions": [{"status": "affected", "version": "0", "lessThan": "<2612A", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Certain HP DeskJet All in One devices\nmay be vulnerable to remote code execution caused by a buffer overflow when\nspecially crafted Web Services for Devices (WSD) scan requests are improperly\nvalidated and handled by the MFP.\n\n\n\nWSD\nScan is a Microsoft Windows\u2013based network scanning protocol that allows a PC to\ndiscover scanners (and MFPs) on a network and send scan jobs to them without\nrequiring vendor specific drivers or utilities.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Certain HP DeskJet All in One devices\nmay be vulnerable to remote code execution caused by a buffer overflow when\nspecially crafted Web Services for Devices (WSD) scan requests are improperly\nvalidated and handled by the MFP.<br>\n<br>\nWSD\nScan is a Microsoft Windows\u2013based network scanning protocol that allows a PC to\ndiscover scanners (and MFPs) on a network and send scan jobs to them without\nrequiring vendor specific drivers or utilities.</p>"}]}], "references": [{"url": "https://support.hp.com/us-en/document/ish_14744451-14744475-16"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T18:45:03.123522Z", "id": "CVE-2026-4682", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T18:45:14.071Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain HP DeskJet All in One devices\nmay be vulnerable to remote code execution caused by a buffer overflow when\nspecially crafted Web Services for Devices (WSD) scan requests are improperly\nvalidated and handled by the MFP.\n\n\n\nWSD\nScan is a Microsoft Windows\u2013based network scanning protocol that allows a PC to\ndiscover scanners (and MFPs) on a network and send scan jobs to them without\nrequiring vendor specific drivers or utilities."}], "id": "CVE-2026-4682", "lastModified": "2026-04-15T15:16:42.800", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "hp-security-alert@hp.com", "type": "Secondary"}]}, "published": "2026-04-15T15:16:42.800", "references": [{"source": "hp-security-alert@hp.com", "url": "https://support.hp.com/us-en/document/ish_14744451-14744475-16"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "hp-security-alert@hp.com", "type": "Secondary"}]}