CVE & CISA-KEV Catalog

CVE-2026-1997

MEDIUM
5.3
CVSS v3
NVD

Description

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.

How to fix

Remediation Available
d9l18a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
d9l20a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
d9l21a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
d9l63a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
d9l64a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
g5j38a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
g5j56a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j3p65a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j3p66a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j3p67a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j3p68a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
j6x76a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x77a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x78a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x79a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x80a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x81a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
j6x83a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s32a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s37a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
k7s38a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
k7s39a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s40a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s41a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s42a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
k7s43a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
l3t99a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l65a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l66a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l67a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
m9l70a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g46a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g47a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g48a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g49a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
t0g56a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
t0g65a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
t0g70a firmwareNVD
Affected:< 001.2602bFixed in:001.2602bCVE-2026-1997derived from NVD
t1p99a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
y0s18a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD
y0s19a firmwareNVD
Affected:< 001.2602aFixed in:001.2602aCVE-2026-1997derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploit Intelligence

0.20%probability of exploitation in 30 days
10thpercentile

Low risk: more likely to be exploited than 10% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-346 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2009-1185High7.282%-Fix
CVE-2025-34291High8.879%KEV-
CVE-2020-16952High8.671%--
CVE-2023-29711Critical9.870%--
CVE-2015-4495High8.870%KEVFix
CVE-2024-23898High8.867%-Fix
Embed a live status badge for CVE-2026-1997
CVE-2026-1997 severity badge

Markdown

[![CVE-2026-1997](https://tridentstack.com/cve/badge/CVE-2026-1997.svg)](https://tridentstack.com/cve/CVE-2026-1997)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-1997"><img src="https://tridentstack.com/cve/badge/CVE-2026-1997.svg" alt="CVE-2026-1997"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-12.