RCE via WSD Scan Buffer Overflow in HP DeskJet All-in-One
CVE-2026-4682 Published on April 15, 2026

Certain HP DeskJet All In One (AIO) Devices – Potential Remote Code Execution & Potential Buffer Overflow
Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validated and handled by the MFP. WSD Scan is a Microsoft Windowsbased network scanning protocol that allows a PC to discover scanners (and MFPs) on a network and send scan jobs to them without requiring vendor specific drivers or utilities.

NVD

Weakness Type

What is a Stack Overflow Vulnerability?

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2026-4682 has been classified to as a Stack Overflow vulnerability or weakness.


Affected Versions

HP Inc HP DeskJet 2800e All-in-One Printer series: HP Inc HP DeskJet 4200 All-in-One Printer series: HP Inc HP DeskJet Ink Advantage 4200 All-in-One Printer series: HP Inc HP DeskJet 4200e All-in-One Printer series: HP Inc HP DeskJet Ink Advantage Ultra 4900 series: HP Inc HP DeskJet Ink Advantage 2800 All-in-One Printer series: