CVE-2022-26691

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-26691
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-05-26 18:15:00 UTC
Updated2023-11-07 03:45:00 UTC
DescriptionA logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.

Risk And Classification

Problem Types: CWE-697

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Apple Cups All All All All
Operating System Apple Macos All All All All
Operating System Apple Mac Os X All All All All
Operating System Apple Mac Os X 10.15.7 - All All
Operating System Apple Mac Os X 10.15.7 security_update_2020 All All
Operating System Apple Mac Os X 10.15.7 security_update_2020-001 All All
Operating System Apple Mac Os X 10.15.7 security_update_2020-005 All All
Operating System Apple Mac Os X 10.15.7 security_update_2020-007 All All
Operating System Apple Mac Os X 10.15.7 security_update_2021-001 All All
Operating System Apple Mac Os X 10.15.7 security_update_2021-002 All All
Operating System Apple Mac Os X 10.15.7 security_update_2021-003 All All
Operating System Apple Mac Os X 10.15.7 security_update_2021-006 All All
Operating System Apple Mac Os X 10.15.7 security_update_2021-007 All All
Operating System Apple Mac Os X 10.15.7 security_update_2021-008 All All
Operating System Apple Mac Os X 10.15.7 security_update_2022-001 All All
Operating System Apple Mac Os X 10.15.7 security_update_2022-002 All All
Operating System Apple Mac Os X 10.15.7 supplemental_update All All
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 11.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 35 All All All
Operating System Fedoraproject Fedora 36 All All All
Application Openprinting Cups All All All All

References

ReferenceSourceLinkTags
About the security content of Security Update 2022-003 Catalina - Apple Support MISC support.apple.com
[SECURITY] Fedora 36 Update: cups-2.4.2-1.fc36 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] [DLA 3029-1] cups security update MLIST lists.debian.org
About the security content of macOS Monterey 12.3 - Apple Support MISC support.apple.com
About the security content of macOS Big Sur 11.6.5 - Apple Support MISC support.apple.com
Vulnerability-Disclosures/MNDT-2022-0026.md at master · mandiant/Vulnerability-Disclosures · GitHub MISC github.com
Debian -- Security Information -- DSA-5149-1 cups DEBIAN www.debian.org
[SECURITY] Fedora 35 Update: cups-2.3.3op2-18.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
scheduler/cert.c: Fix string comparison (fixes CVE-2022-26691) · OpenPrinting/cups@de4f8c1 · GitHub MISC github.com
[SECURITY] Fedora 36 Update: cups-2.4.2-1.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 35 Update: cups-2.3.3op2-18.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 159909 Oracle Enterprise Linux Security Update for cups (ELSA-2022-5056)
  • 159926 Oracle Enterprise Linux Security Update for cups (ELSA-2022-4990)
  • 179323 Debian Security Update for cups (DSA 5149-1)
  • 179324 Debian Security Update for cups (DLA 3029-1)
  • 182117 Debian Security Update for cups (CVE-2022-26691)
  • 198810 Ubuntu Security Notification for CUPS Vulnerabilities (USN-5454-1)
  • 240460 Red Hat Update for cups (RHSA-2022:4990)
  • 240467 Red Hat Update for cups (RHSA-2022:5055)
  • 240470 Red Hat Update for cups (RHSA-2022:5057)
  • 240479 Red Hat Update for cups (RHSA-2022:5056)
  • 282800 Fedora Security Update for cups (FEDORA-2022-09a89bc265)
  • 282824 Fedora Security Update for cups (FEDORA-2022-39e057bc6d)
  • 296083 Oracle Solaris 11.4 Support Repository Update (SRU) 49.126.2 Missing (CPUOCT2022)
  • 354339 Amazon Linux Security Advisory for cups : ALAS2022-2022-108
  • 354502 Amazon Linux Security Advisory for cups : ALAS2022-2022-203
  • 355239 Amazon Linux Security Advisory for cups : ALAS2023-2023-073
  • 377156 Alibaba Cloud Linux Security Update for cups (ALINUX3-SA-2022:0154)
  • 501393 Alpine Linux Security Update for cups
  • 501737 Alpine Linux Security Update for cups
  • 501953 Alpine Linux Security Update for cups
  • 502211 Alpine Linux Security Update for cups
  • 503885 Alpine Linux Security Update for cups
  • 672063 EulerOS Security Update for cups (EulerOS-SA-2022-2216)
  • 672106 EulerOS Security Update for cups (EulerOS-SA-2022-2309)
  • 672147 EulerOS Security Update for cups (EulerOS-SA-2022-2412)
  • 672170 EulerOS Security Update for cups (EulerOS-SA-2022-2425)
  • 710864 Gentoo Linux CUPS Multiple Vulnerabilities (GLSA 202402-17)
  • 752180 SUSE Enterprise Linux Security Update for cups (SUSE-SU-2022:1861-1)
  • 960149 Rocky Linux Security Update for cups (RLSA-2022:5056)
  • 960641 Rocky Linux Security Update for cups (RLSA-2022:4990)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report