CVE-2026-39316: CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
Published Apr 7, 2026
·Updated
CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer
Affected Software
3 affected componentsFixes available
Event History
Apr 7, 2026
CVE Published
via MITRE·05:00 PM
Data Sourced
via MITRE·05:00 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·05:16 PM
DescriptionSeverityWeaknessAffected Software
Apr 9, 2026
Data Sourced
via Microsoft·08:01 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·08:01 AM
Affected Software
Updated
via Microsoft·08:01 AM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2026-39316?
CVE-2026-39316 is classified as a critical severity vulnerability due to its potential for exploitation.
2
How does CVE-2026-39316 affect CUPS?
CVE-2026-39316 affects CUPS versions 2.4.16 and earlier, leading to a use-after-free condition that can be exploited.
3
How do I fix CVE-2026-39316?
To fix CVE-2026-39316, upgrade to a version of CUPS newer than 2.4.16 that addresses this vulnerability.
4
What are the potential consequences of exploiting CVE-2026-39316?
Exploitation of CVE-2026-39316 could allow an attacker to execute arbitrary code or crash the CUPS scheduler.
5
Is my system vulnerable to CVE-2026-39316?
If you are running CUPS version 2.4.16 or earlier, your system is vulnerable to CVE-2026-39316.