CVE-2023-27350

ENISA EUVD: EUVD-2023-31126 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 6 articles Published: 2023-04-20

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.26%

probability

This CVE has a 94.26% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.

Affected Products

PaperCut

22.0.5 (Build 63914)

papercut

papercut mf

papercut

papercut ng

PaperCut

22.0.5 (Build 63914)

Attack Intelligence

CWE-284 · Improper Access Control

Exploits & PoC

horizon3ai/CVE-2023-27350

Proof of Concept Exploit for PaperCut CVE-2023-27350

56 2023-05-01

imancybersecurity/CVE-2023-27350-POC

12 2024-12-06

adhikara13/CVE-2023-27350

Exploit for Papercut CVE-2023-27350. [+] Reverse shell [+] Mass checking

9 2023-04-25

MaanVader/CVE-2023-27350-POC

A simple python script to check if a service is vulnerable

5 2023-05-12

monke443/CVE-2023-27350

Unauthenticated remote command execution in Papercut service allows an attacker to execute commands due to improper access controls in the SetupComple

4 2025-03-09

Ap0dexMe0/CVE-2023-27350

Perfom With Massive Authentication Bypass In PaperCut MF/NG

2 2023-07-24

Jenderal92/CVE-2023-27350

Python 2.7

0 2023-06-13

ASG-CASTLE/CVE-2023-27350

0 2024-04-19

rasan2001/CVE-2023-27350-Ongoing-Exploitation-of-PaperCut-Remote-Code-Execution-Vulnerability

0 2024-05-10

0xB0y426/CVE-2023-27350-PoC

PoC for CVE-2023-27350

0 2025-04-14

Royall-Researchers/CVE-2023-27350

Papercut Vulnerability, Affected Versions are PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms.

0 2025-07-05

dezso-dfield/CVE-2023-27350

PaperCut NG/MG Authentication Bypass and Remote Code Execution (RCE) Exploit Tool. A standalone Bash implementation of the PaperCut exploit chain, fea

0 2025-12-19

12 repos — triés par ⭐ Rechercher sur GitHub ↗

https://www.zerodayinitiative.com/advisories/ZDI-23-233/

https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

http://packetstormsecurity.com/files/171982/PaperCut-MF-NG-Authentication-Bypass-Remote-Code-Execution.html

http://packetstormsecurity.com/files/172022/PaperCut-NG-MG-22.0.4-Authentication-Bypass.html

https://news.sophos.com/en-us/2023/04/27/increased-exploitation-of-papercut-drawing-blood-around-the-internet/

http://packetstormsecurity.com/files/172512/PaperCut-NG-MG-22.0.4-Remote-Code-Execution.html

Signal Intelligence

Confidenceⓘ

85%

EPSS 94.26%

CVSS v3.0 9.8

Mentions 6

Last Seen May 08, 2025

CNA Information

CNA Assigner

zdi

Analyst Note

CVE-2023-27350 is a critical PaperCut vulnerability (CVSS 9.8) with documented evidence of active exploitation in the wild against unpatched servers. Article [5] explicitly names this CVE and describes active exploitation with new bypass techniques discovered post-disclosure, consistent with zero-day exploitation patterns in 2023.