CVE-2026-3291

Description

Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:hp:samsung_print_service_plugin:*:*:*:*:*:android:*:* - VULNERABLE

Samsung Print Service Plugin < 修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2026-3291: Information Disclosure
# This script demonstrates checking for exposed sensitive files in the app's directory.
# Requires root access or misconfigured permissions to be effective.

import os

def check_vulnerability():
    # Path commonly used by the target app
    target_path = "/data/data/com.print.printservice/"
    
    print("[*] Checking for CVE-2026-3291 vulnerability indicators...")
    
    if os.path.exists(target_path):
        print(f"[+] Target directory found: {target_path}")
        try:
            # List files that might contain sensitive information
            files = os.listdir(target_path)
            sensitive_files = ['shared_prefs', 'databases', 'files']
            
            for f in files:
                if f in sensitive_files:
                    print(f"[!] Potential sensitive data directory found: {f}")
                    # In a real exploit scenario, read contents here
        except PermissionError:
            print("[-] Permission denied. Root access may be required.")
    else:
        print("[-] Target application directory not found.")

if __name__ == "__main__":
    check_vulnerability()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-3291
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-3291
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-3291/
[4] VulDB https://vuldb.com/cve/CVE-2026-3291
[5] https://support.hp.com/us-en/document/ish_14864662-14864690-16/hpsbgn04093

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-3291", "sourceIdentifier": "[email protected]", "published": "2026-05-06T22:16:25.367", "lastModified": "2026-05-11T14:43:00.500", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-926"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hp:samsung_print_service_plugin:*:*:*:*:*:android:*:*", "versionEndExcluding": "3.12.260420", "matchCriteriaId": "E43F5A2B-B91A-47C7-A800-3C4BC1E9EB74"}]}]}], "references": [{"url": "https://support.hp.com/us-en/document/ish_14864662-14864690-16/hpsbgn04093", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}