Critical RCE in HP DeskJet 2855e (CVE‑2026‑4682) Enables Remote Code Execution via SOAP Buffer Overflow
What It Is – A stack‑based buffer overflow in the JobStatusEvent SOAP handler of HP DeskJet 2855e printers allows an unauthenticated, network‑adjacent attacker to execute arbitrary code with root privileges.
Exploitability – The flaw is publicly disclosed and a proof‑of‑concept exists. The CVSS v3.1 base score is 8.8 (High) (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No active exploit‑as‑a‑service offering is known, but the vulnerability is trivial to weaponise in a targeted attack.
Affected Products – HP DeskJet 2855e (all firmware versions prior to HP’s 2026‑04‑15 security update).
TPRM Impact – Printers are often shared across departments and sit on the same LAN as critical business systems. A compromised printer can become a foothold for lateral movement, data exfiltration, or ransomware deployment, exposing the entire supply chain of any organization that relies on HP printing services.
Recommended Actions –
- Deploy HP’s firmware update (see HP advisory HP‑SBPI‑04110) immediately.
- Segregate printers onto a dedicated VLAN or isolated network segment.
- Disable or restrict SOAP/JobStatusEvent services if not required.
- Conduct an inventory of all HP DeskJet 2855e units and verify patch status.
- Monitor network traffic for anomalous SOAP requests to printer IPs.
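Added example (not from HP's advisory): one way to implement the monitoring action, flagging SOAP requests to inventoried printers that come from outside the expected print-server range or carry an unusually large JobStatusEvent body. The log format, IP addresses, allowed range and size baseline are all assumptions and the sample records are constructed.

```python
import ipaddress

# All values below are assumptions for illustration, not from the HP advisory.
PRINTER_IPS = {"10.20.30.11", "10.20.30.12"}            # constructed DeskJet 2855e inventory
PRINT_SERVERS = ipaddress.ip_network("10.20.30.0/29")   # hypothetical allowed SOAP clients
MAX_SOAP_BODY = 4096                                    # hypothetical size baseline, in bytes

# Constructed records: src dst method content_type soap_action content_length
SAMPLE_LOG = """\
10.20.30.5 10.20.30.11 POST application/soap+xml JobStatusEvent 812
10.20.44.97 10.20.30.11 POST application/soap+xml JobStatusEvent 790
10.20.30.5 10.20.30.12 POST application/soap+xml JobStatusEvent 65210
10.20.30.5 10.20.30.12 GET text/html - 0
10.20.44.97 10.20.50.8 POST application/soap+xml JobStatusEvent 70000
10.20.30.5 10.20.30.11 POST application/soap+xml JobStatusEvent n/a
"""


def flag_soap_requests(log_text):
    """Return (line_no, src, dst, reasons) for suspicious SOAP requests to printers."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 6:
            continue  # blank or malformed record
        src, dst, method, ctype, action, length = fields
        if dst not in PRINTER_IPS:
            continue  # only traffic addressed to inventoried printers
        if method != "POST" or ("soap" not in ctype.lower() and action == "-"):
            continue  # not a SOAP request
        reasons = []
        try:
            if ipaddress.ip_address(src) not in PRINT_SERVERS:
                reasons.append("source outside print-server range")
        except ValueError:
            reasons.append("unparseable source address")
        if action == "JobStatusEvent":
            if not length.isdigit():
                reasons.append("missing or invalid Content-Length")
            elif int(length) > MAX_SOAP_BODY:
                reasons.append("oversized JobStatusEvent body")
        if reasons:
            findings.append((line_no, src, dst, reasons))
    return findings


if __name__ == "__main__":
    for line_no, src, dst, reasons in flag_soap_requests(SAMPLE_LOG):
        print(f"line {line_no}: {src} -> {dst}: {'; '.join(reasons)}")
```

Derive the size baseline from your own printers' normal traffic before alerting on it; the 4096-byte figure here is only a stand-in.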