Endpoint Vulnerability

PaperCut NG SetupCompleted Authentication Bypass Vulnerability

Description

Authentication bypass in PaperCut NG 22.0.5 (Build 63914) due to improper authentication algorithm and access control, allowing remote attackers to bypass login and execute arbitrary code as SYSTEM.

Outbreak Alert

CVE-2023-27350 allows for an unauthenticated attacker to execute Remote Code Execution (RCE) on a PaperCut Application Server. Vulnerability exists within the SetupCompleted class and according to the vendor, this could be achieved remotely and without the need to log in.

View the full Outbreak Alert Report

Affected Applications

PaperCut NG

Version Updates

Date	Version	Status	Detail
2023-12-13	1.00596	Modified	PaperCut NG
2023-04-20	1.00445	New	PaperCut NG

References

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

ID	4950
Created	Apr 20, 2023
Description Updated	Feb 13, 2026
CVE ID
Tags	PaperCut RCE Threat Signal
Risk
Coverage	FortiClient
OS	Windows
Vendor	PaperCut Software
Patch	manual
Application	PaperCut NG

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

PaperCut NG SetupCompleted Authentication Bypass Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

PaperCut NG SetupCompleted Authentication Bypass Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center