A critical integer overflow in HP's Linux printing software (HPLIP) allows unauthenticated remote attackers to escalate privileges or execute arbitrary code, and stems from an incomplete fix for an earlier flaw.
What Is It
CVE-2026-14544 is a flaw in HPLIP (HP Linux Imaging and Printing Software). It is an integer overflow (CWE-190) in the hpcups processing path, triggered when the software handles specially crafted print data. The vulnerability is an incomplete fix for the earlier CVE-2026-8631. Red Hat assigns it a CVSS 3.1 base score of 9.8 (CRITICAL), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning it is network-reachable, low-complexity, and requires no privileges or user interaction.
Why It Matters
A remote attacker exploiting this flaw may escalate privileges or achieve arbitrary code execution. With high impact to confidentiality, integrity, and availability and no authentication required, successful exploitation could give an attacker full control over an affected system through the print processing path.
What's Vulnerable
The affected package is hplip on the following Red Hat platforms:
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6 and 7 are listed as unaffected.
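A host-level triage check for the scope listed above, as an added example (not Red Hat or HP tooling). The status labels and the HPLIP_QUERY override are hypothetical names chosen for this sketch. Because no fixed package versions are published yet, it reports only whether hplip is installed on a listed release.

```shell
#!/usr/bin/env bash
# Added triage example: is this host in scope for CVE-2026-14544?
# Scope per the list above: hplip on RHEL 8, 9 or 10; RHEL 6 and 7 unaffected.

# Print the RHEL major version read from an os-release file.
# Returns non-zero if the file is unreadable or the distribution is not RHEL.
rhel_major() {
    local file="$1" id ver
    [ -r "$file" ] || return 1
    # os-release is KEY=value with optional quotes; parse it, do not source it.
    id=$(sed -n 's/^ID=//p' "$file" | tr -d "\"'" | head -n1)
    ver=$(sed -n 's/^VERSION_ID=//p' "$file" | tr -d "\"'" | head -n1)
    [ "$id" = "rhel" ] || return 1
    printf '%s\n' "${ver%%.*}"
}

# True if the hplip package is present in the rpm database.
# HPLIP_QUERY (hypothetical) swaps the query command for offline testing.
hplip_installed() {
    ${HPLIP_QUERY:-rpm -q hplip} >/dev/null 2>&1
}

# Print one status label for the host described by the os-release file.
triage() {
    local file="${1:-/etc/os-release}" major
    major=$(rhel_major "$file") || { echo "not-rhel"; return 0; }
    case "$major" in
        8|9|10) ;;                                   # listed as affected
        6|7)    echo "unaffected-release"; return 0 ;;
        *)      echo "release-not-listed"; return 0 ;;
    esac
    # No fixed build is known yet, so an installed package counts as in scope.
    if hplip_installed; then
        echo "in-scope"
    else
        echo "hplip-not-installed"
    fi
}

triage   # report for the local host
```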
Patch Status
The sources listed below do not include a CISA KEV entry for this CVE, so there is no confirmation of active exploitation at this time. The CVE record was published 2026-07-03 with a status of "Received," and those sources provide no fixed package versions or specific remediation steps. Administrators should monitor Red Hat's security advisory and Bugzilla tracker (linked below) for patch availability and vendor guidance.
Sources
- Red Hat Security Advisory, CVE-2026-14544: https://access.redhat.com/security/cve/CVE-2026-14544
- Red Hat Bugzilla #2496772: https://bugzilla.redhat.com/show_bug.cgi?id=2496772