Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

[KEV] CVE-2023-27351 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2023-27351 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2023-27351 is an improper authentication vulnerability in PaperCut NG and PaperCut MF print management software that allows unauthenticated remote attackers to bypass authentication controls via the SecurityRequestFilter class.

Technical Detail

The flaw resides in the SecurityRequestFilter class, which is responsible for enforcing authentication checks on incoming requests. An attacker can craft requests that bypass this filter, gaining unauthorized access to protected application functionality without valid credentials. Depending on the access level achieved, exploitation could lead to unauthorized administrative access, sensitive data exposure, or serve as a foothold for further compromise of the underlying host or connected print infrastructure.

Exploitation Status

The exploit is rated as operational, meaning functional exploit code exists and has been demonstrated in real-world attack scenarios beyond proof-of-concept. CISA has confirmed active exploitation in the wild, adding this vulnerability to the Known Exploited Vulnerabilities catalog on April 20, 2026. Organizations running unpatched PaperCut NG or MF instances should treat this as an active threat requiring immediate action.

Who Is Targeting This

No specific threat actor attribution has been confirmed at this time. Given the KEV listing and operational exploit maturity, exploitation is likely opportunistic and broad-based, but targeted campaigns cannot be ruled out. No specific sectors have been formally identified as primary targets in available threat intelligence.

What To Do

Apply the vendor-supplied patch for PaperCut NG and MF immediately. Per CISA's Known Exploited Vulnerabilities catalog, federal civilian executive branch agencies are required to remediate this vulnerability by the deadline associated with the April 20, 2026 KEV listing. All organizations should treat this as a high-priority patch regardless of the CVSS score, which does not reflect the confirmed in-the-wild exploitation. If immediate patching is not possible, restrict external access to the PaperCut web administration interface and application server ports at the network perimeter. Review PaperCut server logs for anomalous unauthenticated access attempts or unexpected administrative actions as indicators of potential compromise.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →