CVE-2023-27351

unknown KEV

Published 2026-04-20 · Modified 2026-04-20

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

CISA KEV

Vendor: PaperCut
Product: NG/MF
Due date: 2026-05-04

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351

Exploits

References

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351

Verify integrity in audit chain (admin only). AS-IS.