Description
A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
https://canon.jp/support/support-info/260423vulnerability-response
Vendor Advisory vendor-advisory
https://www.usa.canon.com/about-us/to-our-customers/cpa2026-003-vulnerability-mitigation-remediation-for-production-printers-and-office-multifunction-printers
Vendor Advisory vendor-advisory
https://www.canon-europe.com/support/product-security/
Vendor Advisory vendor-advisory
https://psirt.canon/advisory-information/cp2026-003/
Scores
CVSS v3
4.9
EPSS
0.0028
EPSS Percentile
19.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-807
Status
published
Products (15)
Canon Inc./i-SENSYS C1533iF II
v16.04 or earlier
Canon Inc./i-SENSYS MF842Cdw
v16.04 or earlier
Canon Inc./i-SENSYS X C1538 iF II
v16.04 or earlier
Canon Inc./imageCLASS X C1538iF II
v16.04 or earlier
Canon Inc./imageCLASS X MF1538C II
v16.04 or earlier
Canon Inc./imageFORCE Series
all version
Canon Inc./imagePRESS Series
all version
Canon Inc./imageRUNNER ADVANCE Series
all version
Canon Inc./imageRUNNER Series
all version
Canon Inc./MF842CDW
v16.04 or earlier
... and 5 more
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026