216.73.217.80

CVE-2026-1997

· Published 10/02/2026 18:16 · Modified 10/02/2026 21:51

Labels: CVE-2026-1997 2026-02-10CVE-2026-1997CWE-346[email protected]

Essential information

Published
10/02/2026 18:16
Modified
10/02/2026 21:51
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hp / officejet pro cpe:2.3:a:hp:officejet_pro:*:*:*:*:*:*:*:*

References