Fedora 43 and 44 HPLIP Updates Address Critical Code Execution Vulnerabilities
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Keywords: fedora, zdenek, dohnal, hplip, arbitrary, code, execution
Severity indicators: arbitrary code execution
Summary
Fedora has released updates for HPLIP addressing critical vulnerabilities CVE-2026-8631 and CVE-2026-8632, both published on May 20, 2026. These vulnerabilities allow for arbitrary code execution and privilege escalation via an integer overflow in hpcups, affecting users of Fedora 43 and 44. The updates were made available on May 25 and May 26, 2026, respectively. Users are urged to apply the updates promptly using the 'dnf' update program to mitigate potential exploitation. The vulnerabilities could lead to severe security risks if left unaddressed, particularly for systems utilizing HPLIP for printer management.
Key Points:
- Fedora updates address critical vulnerabilities CVE-2026-8631 and CVE-2026-8632.
- Vulnerabilities allow arbitrary code execution and privilege escalation in HPLIP.
- Users are advised to apply updates immediately using the 'dnf' update program.
Detailed Analysis
**Impact** Users of Fedora 43 and 44 operating systems are affected by vulnerabilities in the HPLIP (HP Linux Imaging and Printing) software. The flaws allow arbitrary code execution and privilege escalation, potentially compromising affected systems. The scope includes all Fedora 43 and 44 installations using HPLIP, with no specific sectors or geographies detailed in the sources. The vulnerabilities could lead to unauthorized control over printing services and broader system access.
**Technical Details** The vulnerabilities, identified as CVE-2026-8631 and CVE-2026-8632, involve an integer overflow in the hpcups component of HPLIP, enabling arbitrary code execution and privilege escalation. The attack vector involves exploitation of the hp-plugin-download process, with fixes addressing plugin location and user-agent handling. The kill chain stage corresponds to exploitation and execution. No specific malware, tools, or IOCs are mentioned in the articles.
**Recommended Response** Apply the Fedora updates immediately using the dnf package manager with advisories FEDORA-2026-28afc9a105 for Fedora 43 and FEDORA-2026-df2e96fe77 for Fedora 44. Use the command `su -c 'dnf upgrade --advisory <advisory>'` to install patches. Monitor for unusual printing service behavior and privilege escalation attempts. No additional detection signatures or IOCs are provided.
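To check a host against the recommended response, the following added example (not code from Fedora or the source articles) maps the Fedora release to its advisory ID and compares the installed hplip build with 3.26.4-1, the build the quoted changelog credits with the CVE fixes. The function names, the `--host` switch, the use of `sort -V` as a stand-in for rpm's version comparison, and checking only the `hplip` package are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the advisories): triage one host for the hplip fix.
# FIXED_EVR comes from the changelog quoted on this page (3.26.4-1 fixes the CVEs).
FIXED_EVR="3.26.4-1"

# Map Fedora VERSION_ID to the advisory ID this page lists for it.
advisory_for_release() {
  case "$1" in
    43) echo "FEDORA-2026-28afc9a105" ;;
    44) echo "FEDORA-2026-df2e96fe77" ;;
    *)  return 1 ;;   # release not covered by these advisories
  esac
}

# Read os-release text on stdin, print the numeric VERSION_ID.
release_from_os_release() {
  sed -n 's/^VERSION_ID="\{0,1\}\([0-9]\{1,\}\)"\{0,1\}$/\1/p' | head -n 1
}

# Drop an epoch prefix and the dist tag: "3.26.4-2.fc44" -> "3.26.4-2".
normalize_evr() {
  local evr="${1#*:}"
  echo "${evr%%.fc*}"
}

# Succeeds when $1 >= $2. sort -V approximates rpm's version ordering
# (assumption: adequate for plain numeric version-release strings like these).
evr_at_least() {
  local have want
  have="$(normalize_evr "$1")"; want="$(normalize_evr "$2")"
  [ "$(printf '%s\n%s\n' "$want" "$have" | sort -V | head -n 1)" = "$want" ]
}

# triage <VERSION_ID> <installed version-release, empty if hplip is absent>
triage() {
  local rel="$1" evr="$2" adv
  [ -n "$evr" ] || { echo "not-installed"; return 0; }
  adv="$(advisory_for_release "$rel")" || { echo "out-of-scope"; return 0; }
  if evr_at_least "$evr" "$FIXED_EVR"; then echo "patched"
  else echo "vulnerable: dnf upgrade --advisory $adv"
  fi
}

if [ "${1:-}" = "--host" ]; then   # query the local machine
  evr="$(rpm -q --qf '%{VERSION}-%{RELEASE}' hplip 2>/dev/null)" || evr=""
  triage "$(release_from_os_release < /etc/os-release)" "$evr"
else                               # constructed sample values, runs offline
  triage 43 "3.25.8-3.fc43"
  triage 44 "3.26.4-2.fc44"
fi
```

Run with `--host` on a Fedora machine to query the installed package; without arguments it only evaluates the constructed sample versions.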
Source articles (2)
- Fedora 44 hplip Critical Fix for Arbitrary Code Execution 2026 — Linuxsecurity · 2026-06-02
  * Tue May 26 2026 Zdenek Dohnal - 3.26.4-2 - Fix location+user-agent of plugin in hp-plugin-download
  * Mon May 25 2026 Zdenek Dohnal - 3.26.4-1 - 3.26.4 (fedora#2480158), fixes CVE-2026-8631, CVE-2026…
- Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution — Linuxsecurity · 2026-06-03
  * Tue May 26 2026 Zdenek Dohnal - 3.26.4-2 - Fix location+user-agent of plugin in hp-plugin-download
  * Mon May 25 2026 Zdenek Dohnal - 3.26.4-1 - 3.26.4 (fedora#2480158), fixes CVE-2026-8631, CVE-2026…
Timeline
- 2026-05-20 — CVE-2026-8631 and CVE-2026-8632 published: Two critical vulnerabilities in HPLIP were disclosed, allowing arbitrary code execution and privilege escalation.
- 2026-05-25 — Fedora 43 HPLIP update released: An update for Fedora 43 was released to fix the vulnerabilities, urging users to upgrade.
- 2026-05-26 — Fedora 44 HPLIP update released: An update for Fedora 44 was released addressing the same vulnerabilities, with installation instructions provided.
Related entities
- CWE-190 - Integer Overflow Or Wraparound (Cwe)
- CWE-269 - Improper Privilege Management (Cwe)
- T1068 - Exploitation for Privilege Escalation (Mitre Attack)
- T1203 - Exploitation for Client Execution (Mitre Attack)
- Fedora (Company)
- Linux (Platform)