Vulnerability intelligence

CVE-2023-27351

PaperCut NG/MF Improper Authentication Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.

CVSS Score

8.2

High

EPSS — Exploit Probability

66%

Riskier than 99% of all CVEs

Exploitation

Confirmed in the wild

Used in ransomware campaigns

Remediation

Patch available

Federal deadline 2026-05-04

CISA required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-05-04.

NVD entry Vendor patch PoC / advisory CISA KEV

6 articles across 6 outlets · first covered Apr 6, 2026 · latest Apr 21, 2026

Associated threat actors

DEV-0950 Storm-1175

Coverage timeline

CISA Adds Cisco SD WAN, Zimbra XSS Flaws to KEV Catalog
www.securityweek.com · Apr 21, 2026
CISA adds weaponised PaperCut, TeamCity flaws to KEV catalog
securityaffairs.com · Apr 21, 2026
CISA adds eight KEV flaws, Cisco SDWAN bugs actively exploited
thehackernews.com · Apr 21, 2026
PaperCut NG/MF CVE-2023-27351 flaw added to CISA KEV catalog
www.cisa.gov · Apr 21, 2026
CISA Adds PaperCut Auth Bypass Flaw CVE‑2023‑27351 to KEV
cisa.gov · Apr 21, 2026
Storm-1175 hackers use fresh flaws to drop Medusa ransomware
www.microsoft.com · Apr 6, 2026