Security Vulnerability Report
CVE-2026-5115 CVSS 7.5 HIGH

CVE-2026-5115

Published: 2026-03-31 01:16:37
Last Modified: 2026-04-03 18:11:37
Source: eb41dac7-0af8-4f84-9f6d-0272772514f4

Description

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:papercut:papercut_mf_konica_minolta:*:*:*:*:*:*:*:* - VULNERABLE
PaperCut NG/MF (for the specific affected versions, refer to the vendor's March 2026 security bulletin)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# This script demonstrates checking for insecure communication headers.
# It simulates an analyst verifying if the target exposes session cookies over HTTP.
target_url = "http://<target-device-ip>/embedded/app"

try:
    response = requests.get(target_url, timeout=5)
    headers = response.headers
    cookies = response.cookies

    print("[+] Target Response Headers:")
    for key, value in headers.items():
        print(f"{key}: {value}")

    print("\n[+] Session Cookies Found:")
    for cookie in cookies:
        print(f"Name: {cookie.name}, Value: {cookie.value}, Secure: {cookie.secure}")

    if not cookies:
        print("[-] No cookies set, but check if body contains session tokens.")
    else:
        for cookie in cookies:
            if not cookie.secure:
                print(f"[!] VULNERABLE: Cookie '{cookie.name}' is not marked as Secure and transmitted over HTTP.")
except Exception as e:
    print(f"[-] Error connecting to target: {e}")

References

https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/ (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5115", "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "published": "2026-03-31T01:16:36.900", "lastModified": "2026-04-03T18:11:36.917", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device.\n\nIt was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an  attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user."}, {"lang": "es", "value": "El PaperCut NG/MF (específicamente, la aplicación integrada para dispositivos Konica Minolta) es vulnerable al secuestro de sesión. La aplicación integrada de PaperCut NG/MF es una interfaz de software que se ejecuta directamente en la pantalla táctil de un dispositivo multifunción.\n\nSe descubrió internamente que el canal de comunicación entre la aplicación integrada y el servidor era inseguro, lo que podría filtrar datos, incluida información sensible que podría usarse para montar un ataque en el dispositivo. 
Dicho ataque podría usarse potencialmente para robar datos o para realizar un ataque de phishing en el usuario final."}], "metrics": {"cvssMetricV40": [{"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 3.6, "baseSeverity": "LOW", "attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", 
"userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-319"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.0.5", "matchCriteriaId": "52A24870-BFAD-4E33-92AE-1267F5576D5A"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:papercut:papercut_mf_konica_minolta:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.0.9", "matchCriteriaId": "92C27467-EBCE-41E0-BFD3-02D04100EC27"}]}]}], "references": [{"url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/", "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", "tags": ["Vendor Advisory"]}]}}