AI-powered security research has discovered two severe flaws in the widely-used CUPS printing system that can be chained to achieve remote code execution and root access on Linux and Unix systems.
AI agents have uncovered two critical vulnerabilities in the Common Unix Printing System (CUPS) that could allow unauthenticated attackers to remotely execute code and achieve root file overwrite on affected systems. The vulnerabilities, discovered by security researcher Asim Viladi Oglu Manizada and his team, highlight both the growing capabilities of AI in vulnerability discovery and the persistent security challenges facing widely-deployed open source software.
The Vulnerabilities
The two flaws, tracked as CVE-2026-34980 and CVE-2026-34990, affect CUPS version 2.4.16 and can be chained together into a devastating attack. CVE-2026-34980 allows an unauthenticated attacker to submit a print job to a shared PostScript queue and achieve remote code execution as the lp user. This vulnerability requires the CUPS server to be reachable over the network with a shared PostScript queue exposed, a configuration more common in business environments than on personal systems.
CVE-2026-34990 is an authorization flaw that works on default CUPS configurations, allowing a low-privileged account to achieve root file overwrite. When combined with the first vulnerability, this creates a scenario where an unauthenticated, unprivileged remote attacker can achieve root file overwrite over the network.
How the Attack Works
The first vulnerability exploits CUPS' default policy of accepting anonymous print-job requests. The system only blocks remote printing when queues are not shared, creating an opportunity for attackers to target the rich escaping and parsing logic on shared queues without any authentication layer.
A key aspect of the attack involves CUPS' handling of newlines and the "PPD:" control record. The system prefixes newlines with a backslash, then strips out the backslash during option string parsing. As a result, a newline embedded in an option value, along with the text that follows it, survives the escaping and reparsing process. Additionally, CUPS treats "PPD:" as a trusted control record, which can be abused to modify queue configuration, inject malicious entries, and trick the system into executing attacker-chosen binaries.
As CUPS creator Michael Sweet explained, the attack works by having the server accept a page-border value supplied as textWithoutLanguage, preserving an embedded newline through option escaping and reparse, then reparsing the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can then execute an attacker-chosen existing binary such as /usr/bin/vim as the lp user.
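The escape-then-reparse mismatch described above, reduced to a toy model with a hardened entry point beside it. This is an added illustration, not CUPS source code: the function names and sample values are constructed, and rejecting control characters is one possible hardening, not necessarily the upstream fix.

```python
"""Toy model of an escape/reparse mismatch (illustrative, not CUPS source)."""

CONTROL_PREFIX = "PPD:"  # record prefix named in the article


def escape_value(value):
    """Model of the weak escaping: prefix each newline with a backslash."""
    return value.replace("\n", "\\\n")


def parse_option_value(escaped):
    """Model of the option parser: drop each backslash, keep what follows."""
    out, i = [], 0
    while i < len(escaped):
        if escaped[i] == "\\" and i + 1 < len(escaped):
            i += 1  # skip the backslash; the raw newline after it is kept
        out.append(escaped[i])
        i += 1
    return "".join(out)


def control_records(message):
    """Model of a line-oriented reader that trusts lines starting with PPD:."""
    return [ln for ln in message.splitlines() if ln.startswith(CONTROL_PREFIX)]


def pipeline(value):
    """Escape, reparse, then hand the result to the line-oriented reader."""
    return control_records(parse_option_value(escape_value(value)))


def validate_value(value):
    """Assumed hardening: refuse control characters instead of escaping them."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in option value")
    return value


def safe_pipeline(value):
    """Same pipeline, but the value is validated before it is ever escaped."""
    return pipeline(validate_value(value))


# Constructed samples: a one-line value, and one that carries a second line.
BENIGN = "double-thick"
SUSPECT = "double-thick\nPPD: <untrusted record>"
```

In the model, the second line of `SUSPECT` comes out of `pipeline()` as a trusted record because escaping and parsing cancel each other out, while `safe_pipeline()` rejects the value before any reparse can happen.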
The Role of AI in Discovery
Manizada credits AI agents for significantly accelerating the vulnerability discovery process. The approach involved tasking AI systems with two separate searches: first, finding remote code execution as any user, and second, finding any-to-root privilege escalation primitives. This strategy allowed the agents to narrow the search space and avoid wasting computational resources.
"You may not vibe-discover the whole chain with a single 'find me a remote RCE to root, make no mistakes' prompt," Manizada wrote. "But tasking them with a) a search for a remote code exec as anything and b) anything -> a useful root primitive allows the agents to greatly narrow the search space and not burn as many tokens."
This discovery follows similar research by Simone Margaritelli in 2024, who chained several CUPS vulnerabilities to achieve unauthorized remote code execution. The current findings build upon that work, demonstrating how AI can accelerate and enhance security research.
Impact and Mitigation
While Manizada doesn't have hard numbers on how many printers are vulnerable, he notes that the maintainer-released advisories contain proof-of-concept exploits, and with AI's ability to quickly convert writeups to working exploits, affected deployments could be trivially exploitable.
The vulnerabilities affect CUPS 2.4.16, and while there isn't yet a patched version of the open source printing system, public commits with fixes for both issues are available. Organizations using CUPS should monitor for official patches and consider implementing network segmentation or access controls to limit exposure of shared PostScript queues.
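To check the exposure condition described above, the following added example (not part of the original article or the CUPS project) reads the text of `cupsd.conf` and `printers.conf` and reports queues marked `Shared Yes` when the scheduler listens beyond loopback. The function names and sample configuration are constructed, and the `MakeModel` string is returned only as a hint for spotting PostScript queues.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

def network_listeners(cupsd_conf):
    """Listen/Port directives that bind beyond loopback or a Unix socket."""
    found = []
    for raw in cupsd_conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) != 2:
            continue
        key, val = parts[0].lower(), parts[1]
        if key == "port":  # Port N listens on every interface
            found.append(" ".join(parts))
        elif key == "listen" and not val.startswith("/"):
            if val.rsplit(":", 1)[0].lower() not in LOOPBACK:
                found.append(" ".join(parts))
    return found

def shared_queues(printers_conf):
    """(name, MakeModel) for every queue explicitly marked 'Shared Yes'."""
    queues, name, info = [], None, {}
    for raw in printers_conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<(?:Default)?Printer\s+(\S+)>$", line)
        if opened:
            name, info = opened.group(1), {}
        elif line in ("</Printer>", "</DefaultPrinter>"):
            if name and info.get("shared", "").lower() == "yes":
                queues.append((name, info.get("makemodel", "")))
            name = None
        elif name and len(line.split(None, 1)) == 2:
            key, val = line.split(None, 1)
            info[key.lower()] = val
    return queues

def exposed_queues(cupsd_conf, printers_conf):
    """Shared queues, but only when the scheduler is reachable off-host."""
    return shared_queues(printers_conf) if network_listeners(cupsd_conf) else []

# Constructed sample configuration, not taken from a real host.
SAMPLE_CUPSD = "Listen localhost:631\nListen /run/cups/cups.sock\nPort 631  # LAN\n"
SAMPLE_PRINTERS = """<Printer office-ps>
MakeModel Generic PostScript Printer
Shared Yes
</Printer>
<DefaultPrinter desk>
MakeModel Local Raw Printer
Shared No
</DefaultPrinter>
"""
```

The check covers listeners and the per-queue sharing flag only; access rules in `<Location>` blocks and host firewalls also decide whether a queue is reachable.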
The Broader Context
These vulnerabilities highlight several important trends in cybersecurity. First, they demonstrate how AI is becoming increasingly effective at finding complex vulnerability chains that might be missed by traditional security research methods. Second, they underscore the persistent security challenges facing widely-deployed open source software, where human maintainers struggle to keep pace with the volume of potential vulnerabilities.
The discovery also raises questions about the future of security research and the balance between AI-powered discovery and human oversight. As AI systems become more capable of finding and even exploiting vulnerabilities, the security landscape may shift dramatically, requiring new approaches to vulnerability management and patch deployment.
For organizations, this discovery serves as a reminder that even seemingly mundane systems like print servers can present significant security risks when misconfigured or unpatched. The combination of remote code execution and privilege escalation in a widely-used system like CUPS creates a potent attack vector that warrants immediate attention and remediation efforts.

The Common Unix Printing System (CUPS) remains a critical component of Linux and Unix-like systems, serving as the default printing system for most Linux distributions and Apple device operating systems. As such, any security flaw in CUPS has the potential for widespread impact, making timely patching and proper configuration essential for maintaining system security.
