CVE-2026-1997

Published: Feb 10, 2026

Modified: Feb 10, 2026

PUBLISHED

Description

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

Vendor	Product	Versions
HP Inc	HP OfficeJet Pro 8730 All-in-One Printer	affected `0 - < <001.2602B`
HP Inc	HP OfficeJet Pro 8740 All-in-One Printer series	affected `0 - < <001.2602B`
HP Inc	HP OfficeJet Pro 8730 Mono Printer series	affected `0 - < <001.2602B`
HP Inc	HP OfficeJet Pro 8210 Printer series	affected `0 - < <001.2602B`
HP Inc	HP OfficeJet Pro 7740 Wide Format All-in-One Printer series	affected `0 - < <002.2602A`
HP Inc	HP OfficeJet Pro 7730 Wide Format All-in-One Printer	affected `0 - < <002.2602A`
HP Inc	HP OfficeJet Pro 7720 Wide Format All-in-One Printer series	affected `0 - < <002.2602A`
HP Inc	HP OfficeJet Pro 8710 All-in-One Printer series	affected `0 - < <001.2602A`

Weaknesses (CWE)

CWE-346

References

https://support.hp.com/us-en/document/ish_14051823-14051849-16/hpsbpi04086

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-1997

Description

Affected Products

Weaknesses (CWE)

References