CVE-2026-4682
CWE-121Published: April 15, 2026· Updated: Apr 17, 2026
Official Description
Certain HP DeskJet All in One devices
may be vulnerable to remote code execution caused by a buffer overflow when
specially crafted Web Services for Devices (WSD) scan requests are improperly
validated and handled by the MFP.
WSD
Scan is a Microsoft Windows–based network scanning protocol that allows a PC to
discover scanners (and MFPs) on a network and send scan jobs to them without
requiring vendor specific drivers or utilities.
Technical Analysis
CVE-2026-4682 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (1)
Quick Facts
Related CVEs (CWE-121)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-4682 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts