Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Epson ESC/POS Printer Language Allows Unauthorized Access
CVE-2026-23767
Summary
Epson's printer control language lacks basic security features, making it possible for unauthorized users to send commands to printers and access sensitive information. This could allow hackers to print unauthorized documents, steal data, or disrupt printer operations. To mitigate this risk, consider using secure printer protocols or restricting access to printers through network configurations.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| epson | sb-h50_firmware | All versions | – |
| epson | tm-h6000v_firmware | All versions | – |
| epson | tm-l100_firmware | All versions | – |
| epson | tm-m10_firmware | All versions | – |
| epson | tm-m30_firmware | All versions | – |
| epson | tm-m30ii_firmware | All versions | – |
| epson | tm-m30ii-h_firmware | All versions | – |
| epson | tm-m30ii-s_firmware | All versions | – |
| epson | tm-m30ii-sl_firmware | All versions | – |
| epson | tm-m30iii_firmware | All versions | – |
| epson | tm-m30iii-h_firmware | All versions | – |
| epson | tm-m55_firmware | All versions | – |
| epson | tm-p20ii_firmware | All versions | – |
| epson | tm-p80ii_firmware | All versions | – |
| epson | tm-p20_firmware | All versions | – |
| epson | tm-p60ii_firmware | All versions | – |
| epson | tm-p80_firmware | All versions | – |
| epson | tm-t20ii_firmware | All versions | – |
| epson | tm-t20iii_firmware | All versions | – |
| epson | tm-t88vi_firmware | All versions | – |
| epson | tm-t88vi-ihub_firmware | All versions | – |
| epson | tm-t88vii_firmware | All versions | – |
| epson | ub-r04_firmware | All versions | – |
| epson | ub-e04_firmware | All versions | – |
Original title
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destina...
Original description
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
nvd CVSS3.1
9.8
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026