CVE-2026-1789

Summary

A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers.

Affected Software

VendorProductVersion RangeStatus
Canon Inc.imagePRESS Seriesall versionaffected
Canon Inc.imageFORCE Seriesall versionaffected
Canon Inc.imageRUNNER ADVANCE Seriesall versionaffected
Canon Inc.imageRUNNER Seriesall versionaffected
Canon Inc.Satera MF7525Fv15.00 or earlieraffected
Canon Inc.Satera MF7625Fv8.12 or earlieraffected
Canon Inc.Satera MF7725Fv16.04 or earlieraffected
Canon Inc.Satera MF842CDWv16.04 or earlieraffected
Canon Inc.imageCLASS X C1538iF IIv16.04 or earlieraffected
Canon Inc.imageCLASS X MF1538C IIv16.04 or earlieraffected
Canon Inc.i-SENSYS C1533iF IIv16.04 or earlieraffected
Canon Inc.i-SENSYS X C1538 iF IIv16.04 or earlieraffected
Canon Inc.i-SENSYS MF842Cdwv16.04 or earlieraffected
Canon Inc.MF842CDWv16.04 or earlieraffected
Canon Inc.MF842CXv16.04 or earlieraffected

Weaknesses

  • CWE-807: CWE-807: Reliance on Untrusted Inputs in a Security Decision

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References