CVE-2023-27351

8.2

HIGH CVSS 3.0

PaperCut NG/MF Improper Authentication Vulnerability - [Actively Exploited]

Overview

Description

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.

Details

INFO

Published Date :

April 20, 2023, 4:15 p.m.

Last Modified :

April 21, 2026, 12:48 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: May 04, 2026

Alert Date: Apr 20, 2026 | 18 days ago

Description :

PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the SecurityRequestFilter class.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Known Detected Apr 22, 2026

Notes :

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351

Impact

Affected Products

The following products are affected by CVE-2023-27351 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Papercut	papercut_ng
2	Papercut	papercut_mf

: Total Affected Vendor : 1 | Products : 2

Scoring

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.0	HIGH				[email protected]
	CVSS 3.1	HIGH				[email protected]

Solution

A vulnerability in PaperCut NG and MF allows for authentication bypass.

Upgrade PaperCut NG to version 20.1.7, 21.2.11, or 22.0.9 or later.
Upgrade PaperCut MF to version 20.1.7, 21.2.11, or 22.0.9 or later.

Public PoC/Exploit Available at Github

CVE-2023-27351 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-27351.

URL	Resource
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-232/	Third Party Advisory VDB Entry
https://www.papercut.com/kb/Main/PO-1216-and-PO-1219	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-232/	Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351	US Government Resource

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-27351 is associated with the following CWEs:

CWE-287: Improper Authentication

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-27351 weaknesses.

CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data Utilizing REST's Trust in the System Resource to Obtain Sensitive Data CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM) CAPEC-114: Authentication Abuse Authentication Abuse CAPEC-115: Authentication Bypass Authentication Bypass CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-194: Fake the Source of Data Fake the Source of Data CAPEC-593: Session Hijacking Session Hijacking CAPEC-633: Token Impersonation Token Impersonation CAPEC-650: Upload a Web Shell to a Web Server Upload a Web Shell to a Web Server

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

DevGreick/devgreick

None

Python

Updated: 1 week, 5 days ago

1 stars 0 fork 0 watcher

Born at : Oct. 29, 2024, 8:10 p.m. This repo has been linked 10 different CVEs too.

Loginsoft-LLC/Linux-Exploit-Detection

Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma

ebpf exploit falco linux osquery runtime-security threat-hunting openpolicyagent rego cloudnative cve yara cloudsecurity vulnerability-management threat-intelligence vulnerability-intelligence threat-detection

Open Policy Agent

Updated: 1 year, 5 months ago

21 stars 1 fork 1 watcher

Born at : June 22, 2023, 8:59 a.m. This repo has been linked 29 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-27351 vulnerability anywhere in the article.

TheCyberThrone

CISA Adds Eight Actively Exploited Vulnerabilities to KEV Catalog

CISA expanded its Known Exploited Vulnerabilities (KEV) catalog on April 20, 2026, adding eight security flaws spanning enterprise print management, CI/CD platforms, CMS infrastructure, appliance mana ...