AI agents (allegedly) help find CUPS flaws that enable RCE and root overwrite

April 6, 2026

What happened

It has been reported that security researcher Asim Viladi Oglu Manizada — assisted by a troupe of vulnerability-hunting AI agents — discovered two CUPS flaws, tracked as CVE-2026-34980 and CVE-2026-34990, that can be chained to give an unauthenticated attacker remote code execution as lp and then a root file overwrite. CUPS, the Common Unix Printing System, is the default print stack on most Linux distributions and Apple devices, so a flaw here has a big blast radius. No patched release is out yet, though public commits with fixes are available.

How the chain works

The first bug, CVE-2026-34980, allegedly hinges on a shared PostScript queue reachable over the network and CUPS’ default policy of accepting anonymous print jobs for shared queues. Attackers can exploit quirky parsing: CUPS prefixes newlines with a backslash, then later strips that backslash, so crafted input survives the escaping step and is parsed again. It has been reported that an attacker can abuse CUPS’ treatment of lines starting with "PPD:" as trusted control records to inject a malicious PPD entry and then trick the server into executing an existing binary (think /usr/bin/vim) as lp. That RCE can be chained with CVE-2026-34990 — an authorization flaw that works on the default configuration — to turn a low-privileged print job into a root file overwrite.

Risk and mitigation

Manizada told The Register he hasn’t seen signs of active exploitation, but it has been reported that maintainer advisories include PoCs and that modern LLMs can quickly convert writeups into working proof‑of‑concepts — so this could be trivial to weaponize on affected deployments. How worried should you be? If you run networked, shared printers in a corporate environment, quite a bit. Disable shared queues, restrict access to the CUPS port, and apply the available fixes or mitigations as soon as a patched release lands. Short term: assume exposure if you allow anonymous remote printing.
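To check a host against the two exposure conditions named above (a network-reachable listener plus a shared queue), the following audit sketch is an added example, not code from the article or the CUPS project. It assumes the usual `cupsd.conf` and `printers.conf` syntax; the sample configurations are constructed, and it does not look at firewall rules.

```python
import re

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

def _directives(text):
    """Yield (lowercased name, value) for each non-comment config line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def network_listeners(cupsd_conf):
    """Return Listen/Port directives that bind beyond loopback or a Unix socket."""
    exposed = []
    for name, value in _directives(cupsd_conf):
        if name == "port":                      # Port binds every interface
            exposed.append(f"Port {value}")
        elif name == "listen" and not value.startswith("/"):
            host = value.rsplit(":", 1)[0].lower()
            if host not in LOOPBACK_HOSTS:
                exposed.append(f"Listen {value}")
    return exposed

def shared_queues(printers_conf):
    """Return queue names whose <Printer> section explicitly enables sharing."""
    shared, current = [], None
    for name, value in _directives(printers_conf):
        if re.fullmatch(r"<(?:default)?printer", name):
            current = value.rstrip(">").strip()
        elif name.startswith("</"):
            current = None
        elif name == "shared" and current and value.lower() in ("yes", "on", "true"):
            shared.append(current)
    return shared

def audit(cupsd_conf, printers_conf):
    """Flag a host as exposed when both conditions hold at once."""
    listeners = network_listeners(cupsd_conf)
    queues = shared_queues(printers_conf)
    return {"listeners": listeners, "shared_queues": queues,
            "exposed": bool(listeners and queues)}

# Constructed sample configs (not taken from any real host).
SAMPLE_CUPSD = "Listen localhost:631\nListen /run/cups/cups.sock\nListen *:631\n"
SAMPLE_PRINTERS = ("<Printer office-ps>\nDeviceURI socket://192.0.2.10\nShared Yes\n"
                   "</Printer>\n<Printer lab-label>\nShared No\n</Printer>\n")

if __name__ == "__main__":
    print(audit(SAMPLE_CUPSD, SAMPLE_PRINTERS))
```

On a real host, pass in the contents of the two files (commonly under `/etc/cups/`); a queue with no explicit `Shared` line is not flagged by this sketch.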

Bigger picture

This episode spotlights two trends at once: CUPS keeps being a fertile target for creative abuse, and AI tooling is shortening the time from disclosure to exploit. A decade ago you’d have days or weeks to patch; now? Minutes, if someone has the right prompt. Scary? Yes. Fixable? Also yes — but only if admins move faster than the scanners.

Sources: The Register