CVE-2023-27350 — PaperCut MF/NG

known ransomware use

PaperCut MF/NG Improper Access Control Vulnerability

Added to KEV

2023-04-21

Federal due date

2023-05-12

Vendor

PaperCut

Product

MF/NG

EPSS

99.9th percentile (score 0.943, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2023-27350

CISA short description

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.