CVE-2026-5115

Published: Mar 31, 2026

Modified: Mar 31, 2026

PUBLISHED

Description

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communication channel between the embedded application and the server was insecure, which could leak data including sensitive information that may be used to mount an attack on the device. Such an attack could potentially be used to steal data or to perform a phishing attack on the end user.

Vendor	Product	Versions
PaperCut	Papercut NG/MF	affected `0 - < 25.0.5` affected `0 - < 25.0.9 (KM certified)`

Weaknesses (CWE)

CWE-319

References

https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-5115

Description

Affected Products

Weaknesses (CWE)

References