CP2026-003 Vulnerability Mitigation/Remediation for Production Printers and Office Multifunction Printers
April 23, 2026
Canon Inc.
Description
A vulnerability has been identified in certain production printers and office/small office multifunction printers. This vulnerability may allow a third party with administrator privileges to access sensitive information within the product by sending specially crafted requests through the browser-based remote management function.
Affected Products
Certain production printers and office/small office multifunction printers.
For detailed information on affected models, please visit the website of your local Canon sales representative.
Mitigation/Remediation
With the security of our customers’ print infrastructure being of critical importance, we advise following these guidelines:
- Avoid connecting products directly to the public internet. Instead, when connecting to the internet, use a private IP address in an environment where the internet is accessed from a secure private network built with firewall products, wired routers or Wi-Fi routers.
- Change the product’s default password to a new password.
- Set up administrator and general user IDs and passwords.
- Ensure that passwords and other similar settings for various functions are sufficiently difficult to guess.
- If the product has single or multi-factor authentication functions, use them to confirm the identity of the end-user who is using the product.
- Be aware of physical security needs, including those related to the location of the product, etc.
Please see here for more information on securing products when connecting to a network.
In addition to the above measures, firmware designed to address these issues for certain products will be either delivered via automatic updates or made available on the websites of your local Canon sales representatives. For further details, please refer to your local Canon sales representative's website.
CVE/CVSS
| CVE-2026-1789 | A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers. |
| CVSS v4 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.9 |
| CVSS v3 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Base Score: 4.9 |