Session hijacking in PaperCut NG/MF embedded application for Konica Minolta...

3.6 / 10

LOW

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U

Description

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.

It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.

Basic Information

ID CVE-2026-5115

Source PaperCut

Published Mar 31, 2026 at 00:54

Modified Mar 31, 2026 at 13:59

Affected Product

Vendor PaperCut

Product Papercut NG/MF

Affected Versions PaperCut Papercut NG/MF 0
PaperCut Papercut NG/MF 0

CWE Classification

CWE-319

References

www.papercut.com /kb/Main/papercut-ng-mf-security-bulletin-march-2026/

{
    "lastseen": "",
    "description": "The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.\n\nIt was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an \u00a0attack on the device.\u00a0Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.",
    "published": "2026-03-31T00:54:48.889Z",
    "modified": "2026-03-31T13:59:35.485Z",
    "type": "cve",
    "title": "Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices",
    "source": "PaperCut",
    "references": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/",
    "id": "CVE-2026-5115",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "PaperCut Papercut NG/MF 0\nPaperCut Papercut NG/MF 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.6,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Papercut NG/MF",
    "version": "0",
    "vendor": "PaperCut",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices_CVE-2026-5115