Control Character Injection Vulnerability in Oracle Linux Cups

Control Character Injection Vulnerability in Oracle Linux Cups

First seen 15 Jul 2026, 15:27 UTC Linuxsecurity 96% similarity 57.8

Article Content

Browse articles
ThreatCluster

A control character injection vulnerability (CVE-2026-34980) has been identified in the Common Unix Printing System (CUPS) affecting Oracle Linux 8 and 9. This vulnerability allows attackers to inject control characters into option values, potentially leading to unauthorized actions. The flaw affects multiple package versions, including cups-2.2.6 and cups-2.3.3, across both x86_64 and aarch64 architectures. Users of Oracle Linux 8 and 9 are advised to update their systems to mitigate this risk. The vulnerability was published on April 3, 2026, and is categorized as moderate in severity. Patches for the affected packages have been released, and system administrators are urged to apply these updates promptly. Failure to address this vulnerability may expose systems to exploitation.

Key Points: • CVE-2026-34980 affects Oracle Linux 8 and 9 due to a control character injection flaw. • The vulnerability allows attackers to manipulate option values in CUPS, posing a security risk. • Patches for affected packages have been released; immediate updates are recommended.

ThreatCluster AI

Timeline

2026-04-03
CVE-2026-34980 published
Oracle disclosed a control character injection vulnerability in CUPS affecting multiple Linux distributions.
Linuxsecurity
2026-07-13
Oracle Linux 8 advisory released
An advisory for Oracle Linux 8 was published addressing CVE-2026-34980 with patch details.
Linuxsecurity
2026-07-15
Oracle Linux 9 advisory released
An advisory for Oracle Linux 9 was published addressing CVE-2026-34980 with patch details.
Linuxsecurity

Community

Browse all →