CVE-2023-27350: PaperCut MF/NG Improper Access Control Vulnerability.

PaperCut MF/NG Improper Access Control Vulnerability. PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

• CISA KEV-listed (remediation due 2023-05-12)
• used in ransomware campaigns
• EPSS 94.3% (99.9% percentile)

Related briefings

• Microsoft Exposes Onyx Sleet's Expanding Malware Arsenal Targeting Aerospace and Defense Organizations 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions