Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
d9l20a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
d9l21a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
d9l63a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
d9l64a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
g5j38a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
g5j56a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j3p65a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j3p66a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j3p67a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j3p68a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j6x76a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x77a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x78a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x79a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x80a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x81a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x83a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s32a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s37a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
k7s38a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
k7s39a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s40a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s41a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s42a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s43a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
l3t99a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l65a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l66a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l67a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l70a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g46a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g47a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g48a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g49a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g56a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
t0g65a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
t0g70a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
t1p99a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
y0s18a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
y0s19a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityLow
IntegrityNone
AvailabilityNone
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploit Intelligence
0.20%probability of exploitation in 30 days
10thpercentile
Low risk: more likely to be exploited than 10% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-12.