CVE-2026-4682

Published: Apr 15, 2026

Modified: May 27, 2026

PUBLISHED

Description

Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windows–based network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

Vendor	Product	Versions
HP Inc	HP DeskJet 2800e All-in-One Printer series	affected `0 - < <2612A`
HP Inc	HP DeskJet 4200 All-in-One Printer series	affected `0 - < <2612A`
HP Inc	HP DeskJet Ink Advantage 4200 All-in-One Printer series	affected `0 - < <2612A`
HP Inc	HP DeskJet 4200e All-in-One Printer series	affected `0 - < <2612A`
HP Inc	HP DeskJet Ink Advantage Ultra 4900 series	affected `0 - < <2612A`
HP Inc	HP DeskJet Ink Advantage 2800 All-in-One Printer series	affected `0 - < <2612A`

Weaknesses (CWE)

CWE-121

References

https://support.hp.com/us-en/document/ish_14744451-14744475-16

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-4682

Description

Affected Products

Weaknesses (CWE)

References