CVE-2026-1997 in OfficeJet Pro 8730 All-in-One Printer
Summary
by MITRE • 02/10/2026
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resources.
CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
Analysis
by VulDB Data Team • 02/12/2026
The vulnerability identified as CVE-2026-1997 affects HP OfficeJet Pro series printers and represents a critical misconfiguration issue within the Cross-Origin Resource Sharing implementation. This security flaw emerges when administrators inadvertently enable CORS functionality on these devices, creating potential attack vectors that could compromise printer security. The vulnerability specifically targets the Embedded Web Server component of these professional-grade devices, which serves as the primary interface for web-based management and configuration activities.
The technical nature of this vulnerability stems from the improper handling of CORS policies within the printer's web server implementation. When CORS is enabled, the device's security boundaries become weakened, allowing web origins that are not properly authenticated or authorized to establish connections with the printer's internal resources. This misconfiguration creates a pathway for malicious actors to potentially access sensitive printer functions and data through unauthorized web applications. The vulnerability is classified under CWE-346, which addresses improper validation of critical parameters, specifically the validation of origin headers in web applications. The flaw is particularly concerning because it operates at the network level, potentially allowing attackers to perform actions that should be restricted to authorized administrators only.
The operational impact of this vulnerability extends beyond simple information disclosure, as it could enable attackers to manipulate printer configurations, access stored print jobs, or potentially escalate privileges within the device's management interface. Attackers could leverage this weakness to perform reconnaissance activities, gather information about the printer's configuration, or even execute unauthorized administrative commands. The risk is amplified because these are professional-grade printers often deployed in enterprise environments, where they may have access to sensitive corporate networks and data. According to the ATT&CK framework, this vulnerability maps to T1071.004 for application layer protocols and T1566 for credential access through web application attacks. The impact is particularly severe in environments where printer security is not properly monitored or where administrators may not fully understand the security implications of enabling CORS functionality.
Organizations should implement immediate mitigations to address this vulnerability, beginning with ensuring that CORS is disabled on all affected HP OfficeJet Pro printers unless explicitly required for legitimate business purposes. Administrators should conduct thorough audits of their printer configurations to identify any devices with CORS enabled and disable the feature immediately. The recommended approach aligns with the principle of least privilege, where only necessary services are enabled and all unnecessary functionality is disabled. Security teams should also implement network monitoring to detect unauthorized access attempts to printer management interfaces and establish regular security assessments of all networked printing devices. Additionally, administrators should ensure that all printer firmware is updated to the latest versions provided by HP, as these updates typically include security patches for known vulnerabilities. The mitigation strategy should also include proper training for administrators regarding the security implications of enabling web-based services and the importance of maintaining secure default configurations.
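One way to carry out the configuration audit described above, as an added example that is not HP's or VulDB's code: it classifies the CORS response headers an Embedded Web Server returns when sent an untrusted Origin. The probe origin, the host names, the sample responses, and the assumptions that the EWS root path reflects the device's CORS policy and presents a self-signed certificate are all constructed for illustration.

```python
import ssl
import urllib.error
import urllib.request

PROBE_ORIGIN = "https://cors-audit.invalid"  # constructed origin no device should trust

def classify_cors(headers, probe_origin=PROBE_ORIGIN):
    """Return (status, detail) for one response's CORS headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "ok", "no CORS headers: cross-origin reads stay blocked by the browser"
    if acao == probe_origin:
        return "fail", "reflects an untrusted Origin" + (" with credentials" if creds else "")
    if acao in ("*", "null"):
        return "fail", f"'{acao}' origin allowed"
    return "review", f"CORS enabled for {acao}: confirm this origin is required"

def fetch_headers(host, timeout=5):
    """GET https://<host>/ with the probe Origin and return the response headers."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # assumption: the EWS certificate is self-signed
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(f"https://{host}/", headers={"Origin": PROBE_ORIGIN})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:  # 401/403 responses still carry headers
        return dict(err.headers.items())

def audit(responses):
    """Map host -> (status, detail) for a dict of host -> response headers."""
    return {host: classify_cors(hdrs) for host, hdrs in responses.items()}

# Constructed sample responses (not captured from real devices).
SAMPLE = {
    "printer-a": {"Content-Type": "text/html"},
    "printer-b": {"Access-Control-Allow-Origin": PROBE_ORIGIN,
                  "Access-Control-Allow-Credentials": "true"},
    "printer-c": {"Access-Control-Allow-Origin": "https://print-portal.example"},
}

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE).items():
        print(f"{host}: {status} - {detail}")
```

To audit an inventory of managed printers, build the input with `{host: fetch_headers(host) for host in hosts}` and pass it to `audit`.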