Donate Telegram

CVE-2026-23767

NONE EPSS 0.07%

Mar 05, 2026

Updated Mar 05, 2026

ESC

Parameter	Value
Type	CWE-306 (Missing Authentication for Critical Function)
Vendor	ESC
Public PoC	No

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function

References 3

https://download4.epson.biz/sec_pubs/bs/pdf/IP_Filtering_Guide_en_revA.pdf

vultures@jpcert.or.jp

https://jvn.jp/en/ta/JVNTA97995322/

vultures@jpcert.or.jp

https://www.epson.jp/support/misc_t/260305_oshirase.htm

vultures@jpcert.or.jp

Share Post Share Share Share

CVE Details

CVE ID

CVE-2026-23767

Published Date

Mar 05, 2026

Vendor

ESC

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.07%

Likelihood of exploitation in next 30 days

Percentile: 20.4th percentile (higher than 20.4% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice