Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.3, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, for affected systems. Impacting 82 products from hp, from hp, from hp and 79 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2026, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2026-02-10T18:16:22.513

Last Modified

2026-02-12T15:13:31.403

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-346

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	m9l65a_firmware	< 001.2602a	Yes
Hardware	hp	m9l65a	-	No
Operating System	hp	d9l20a_firmware	< 001.2602b	Yes
Hardware	hp	d9l20a	-	No
Operating System	hp	k7s32a_firmware	< 001.2602b	Yes
Hardware	hp	k7s32a	-	No
Operating System	hp	d9l21a_firmware	< 001.2602b	Yes
Hardware	hp	d9l21a	-	No
Operating System	hp	k7s42a_firmware	< 001.2602b	Yes
Hardware	hp	k7s42a	-	No
Operating System	hp	t0g65a_firmware	< 001.2602b	Yes
Hardware	hp	t0g65a	-	No
Operating System	hp	k7s39a_firmware	< 001.2602b	Yes
Hardware	hp	k7s39a	-	No
Operating System	hp	j6x83a_firmware	< 001.2602b	Yes
Hardware	hp	j6x83a	-	No
Operating System	hp	k7s43a_firmware	< 001.2602b	Yes
Hardware	hp	k7s43a	-	No
Operating System	hp	k7s40a_firmware	< 001.2602b	Yes
Hardware	hp	k7s40a	-	No
Operating System	hp	k7s41a_firmware	< 001.2602b	Yes
Hardware	hp	k7s41a	-	No
Operating System	hp	t0g56a_firmware	< 001.2602b	Yes
Hardware	hp	t0g56a	-	No
Operating System	hp	d9l63a_firmware	< 001.2602b	Yes
Hardware	hp	d9l63a	-	No
Operating System	hp	d9l64a_firmware	< 001.2602b	Yes
Hardware	hp	d9l64a	-	No
Operating System	hp	j3p65a_firmware	< 001.2602b	Yes
Hardware	hp	j3p65a	-	No
Operating System	hp	j3p66a_firmware	< 001.2602b	Yes
Hardware	hp	j3p66a	-	No
Operating System	hp	j3p67a_firmware	< 001.2602b	Yes
Hardware	hp	j3p67a	-	No
Operating System	hp	j3p68a_firmware	< 001.2602b	Yes
Hardware	hp	j3p68a	-	No
Operating System	hp	t0g70a_firmware	< 001.2602b	Yes
Hardware	hp	t0g70a	-	No
Operating System	hp	g5j38a_firmware	< 001.2602a	Yes
Hardware	hp	g5j38a	-	No
Operating System	hp	t1p99a_firmware	< 001.2602a	Yes
Hardware	hp	t1p99a	-	No
Operating System	hp	l3t99a_firmware	< 001.2602a	Yes
Hardware	hp	l3t99a	-	No
Operating System	hp	y0s19a_firmware	< 001.2602a	Yes
Hardware	hp	y0s19a	-	No
Operating System	hp	g5j56a_firmware	< 001.2602a	Yes
Hardware	hp	g5j56a	-	No
Operating System	hp	y0s18a_firmware	< 001.2602a	Yes
Hardware	hp	y0s18a	-	No
Operating System	hp	d9l18a_firmware	< 001.2602a	Yes
Hardware	hp	d9l18a	-	No
Operating System	hp	m9l66a_firmware	< 001.2602a	Yes
Hardware	hp	m9l66a	-	No
Operating System	hp	m9l67a_firmware	< 001.2602a	Yes
Hardware	hp	m9l67a	-	No
Operating System	hp	t0g46a_firmware	< 001.2602a	Yes
Hardware	hp	t0g46a	-	No
Operating System	hp	j6x76a_firmware	< 001.2602a	Yes
Hardware	hp	j6x76a	-	No
Operating System	hp	j6x78a_firmware	< 001.2602a	Yes
Hardware	hp	j6x78a	-	No
Operating System	hp	j6x80a_firmware	< 001.2602a	Yes
Hardware	hp	j6x80a	-	No
Operating System	hp	k7s37a_firmware	< 001.2602a	Yes
Hardware	hp	k7s37a	-	No
Operating System	hp	m9l70a_firmware	< 001.2602a	Yes
Hardware	hp	m9l70a	-	No
Operating System	hp	j6x77a_firmware	< 001.2602a	Yes
Hardware	hp	j6x77a	-	No
Operating System	hp	j6x81a_firmware	< 001.2602a	Yes
Hardware	hp	j6x81a	-	No
Operating System	hp	j6x79a_firmware	< 001.2602a	Yes
Hardware	hp	j6x79a	-	No
Operating System	hp	k7s38a_firmware	< 001.2602a	Yes
Hardware	hp	k7s38a	-	No
Operating System	hp	t0g47a_firmware	< 001.2602a	Yes
Hardware	hp	t0g47a	-	No
Operating System	hp	t0g48a_firmware	< 001.2602a	Yes
Hardware	hp	t0g48a	-	No
Operating System	hp	t0g49a_firmware	< 001.2602a	Yes
Hardware	hp	t0g49a	-	No

References

https://support.hp.com/us-en/document/ish_14051823-14051849-16/hpsbpi04086 Vendor Advisory ([email protected])

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.