Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2023-27351
PUBLISHEDThis vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication...
1 day faster than CISA KEV
- Vendor
- PaperCut
- Product
- NG
- Published
- Apr 20, 2023
- EPSS
- 65.6% · 99% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.
Description
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
Weaknesses (CWE)
-
Improper Authentication
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitation status
Exploited in the wild
Recorded 2026-06-01 13:22:22 UTC · CVE
Used in malware
Recorded 2026-06-02 14:01:39 UTC · CVE
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2026-06-01 13:22 UTC |
| CISA | 2026-06-02 14:01 UTC |
| The Shadowserver (via CIRCL) | 2026-06-04 00:00 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-27351.yaml | Jun 01, 2026 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei
-
KEV confirmed by CISA
-
Exploit Used in Malware
-
KEV confirmed by The Shadowserver (via CIRCL)