CVE-2026-1996

Name: CVE-2026-1996
Creator: NVD / NIST
Published: 2026-02-10T18:16:22.387+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.9/10EPSS 0.27%

Last modified Jun 17, 2026

CVE-2026-1996 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0

6.9/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.27%

17.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-703

Affected Software

Vendor	Product	Versions
Hp	D9l18a Firmware	< 001.2602a
Hp	M9l66a Firmware	< 001.2602a
Hp	M9l67a Firmware	< 001.2602a
Hp	T0g46a Firmware	< 001.2602a
Hp	J6x76a Firmware	< 001.2602a
Hp	J6x78a Firmware	< 001.2602a
Hp	J6x80a Firmware	< 001.2602a
Hp	K7s37a Firmware	< 001.2602a
Hp	M9l70a Firmware	< 001.2602a
Hp	J6x77a Firmware	< 001.2602a
Hp	J6x81a Firmware	< 001.2602a
Hp	J6x79a Firmware	< 001.2602a
Hp	K7s38a Firmware	< 001.2602a
Hp	T0g47a Firmware	< 001.2602a
Hp	T0g48a Firmware	< 001.2602a
Hp	T0g49a Firmware	< 001.2602a
Hp	M9l65a Firmware	< 001.2602a

References

https://support.hp.com/us-en/document/ish_14057472-14057502-16/hpsbpi04089Vendor Advisory

Timeline

Published: Feb 10, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-1996?

Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.

How severe is CVE-2026-1996?

CVE-2026-1996 has a CVSS score of 6.9/10 (MEDIUM severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2026-1996?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-1996?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST