HP has disclosed multiple security vulnerabilities affecting hundreds of its laser printer models, with one critical flaw enabling potential attackers to smuggle and execute malicious code through Postscript print jobs.
The most severe vulnerability, identified as CVE-2025-26506, received a critical CVSS rating of 9.2. This flaw, along with two other security gaps rated high and medium risk, impacts LaserJet Pro, LaserJet Enterprise, and LaserJet Managed printer lines.
According to HP's security advisory, the vulnerabilities could allow unauthorized code to infiltrate networks during Postscript print job processing. The company has released firmware updates to address these security issues across approximately 120 different printer series.
The discovery comes shortly after HP identified separate critical flaws in its universal printer drivers for Postscript and PCL6. In a related development, competitor Lexmark also reported similar Postscript interpreter vulnerabilities in their printer software and firmware.
IT administrators are strongly advised to review their printer fleets for affected models and promptly install the available firmware updates to protect against potential exploitation.
While HP has not disclosed specific technical details about the vulnerabilities, the widespread nature of the affected devices and the high severity ratings underscore the need for swift action by organizations using these printers.