JVNVU#90878203: Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure

Overview

Canon Production Printers and Office Multifunction Printers contain an information disclosure vulnerability.

Products Affected

For details on the affected products and versions, refer to the vendor's advisory.

Description

Canon Production Printers and Office Multifunction Printers contain the following vulnerability.

Reliance on untrusted inputs in a security decision (CWE-807)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9
  CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score 4.9
- CVE-2026-1789

Impact

If an attacker with administrative privileges sends a specially crafted request, sensitive information within the product may be obtained.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Apply the Workaround
Apply the following workarounds to prevent access from untrusted entities:

Use the product within a network protected by a firewall.
Configure the product to use a private IP address.

Vendor Status

Vendor	Link
Canon Inc.	CP2026-003 Vulnerability Mitigation/Remediation for Production Printers and Office Multifunction Printers
Canon USA	CPA2026-003: Vulnerability Mitigation/Remediation for Production Printers and Office Multifunction Printers
Canon Europe	CPE2026-003 – Vulnerability Mitigation/Remediation for Production Printers and Office Multifunction Printers

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Canon Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#90878203 Canon Production Printers and Office Multifunction Printers vulnerable to information disclosure