PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-39047 EPSON CVE debrief

CVE-2026-39047 is a HIGH-severity buffer overflow affecting the EPSON L14150 FL27PB RAW Printing Service (JetDirect) on TCP port 9100. The published description indicates a remote attacker could potentially execute arbitrary code. Because the affected service is network-reachable and the CVSS vector is network-based with no privileges or user interaction required, exposed printers or print services deserve prompt review and containment.

Vendor: EPSON
Product: L14150 FL27PB
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-20
Original CVE updated: 2026-05-20
Advisory published: 2026-05-20
Advisory updated: 2026-05-20

Who should care

Printer fleet owners, IT administrators, network defenders, and incident responders responsible for Epson L14150 FL27PB devices or any printer endpoints exposing RAW printing on TCP/9100, especially in flat networks or environments reachable from untrusted segments.

Technical summary

The NVD record describes a buffer overflow in the RAW Printing Service (JetDirect) for EPSON L14150 FL27PB, reachable over TCP port 9100. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which indicates a remotely reachable issue with no required privileges or user interaction and a high availability impact. The record also maps the weakness to CWE-121 (stack-based buffer overflow). NVD lists the vulnerability status as 'Awaiting Analysis', so some implementation details may still evolve as the record is reviewed.

Defensive priority

High. The issue is network-reachable and unauthenticated, and it can affect availability while potentially enabling arbitrary code execution, so any exposed printer service should be treated as an urgent exposure to reduce.

Recommended defensive actions

  • Inventory Epson L14150 FL27PB devices and confirm whether TCP/9100 is reachable from any untrusted or broader internal network segments.
  • Restrict access to RAW printing/JetDirect (TCP 9100) using firewall rules, ACLs, or printer VLAN segmentation so only approved print servers or management hosts can reach it.
  • Apply vendor security guidance or firmware updates as soon as they are available, and verify the printer model/firmware match before rollout.
  • If the service is not required, disable or remove direct RAW printing exposure and route printing through a controlled print service instead.
  • Monitor for unexpected crashes, resets, or anomalous traffic targeting port 9100 on affected printers and print servers.
  • Prioritize review of any internet-exposed or partner-exposed printer management networks, even if the printer itself is not directly public.
  • Track the NVD and CVE.org records for updates because the record is marked 'Awaiting Analysis' and details may change.
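One way to check the segmentation and monitoring items above against flow or firewall logs, as an added example that is not part of the original debrief: it flags allowed connections to inventoried printers on TCP/9100 from sources outside the approved list. The CSV log layout, the printer inventory, the approved-source list and all addresses are constructed assumptions (documentation address ranges).

```python
import csv
import io
import ipaddress
from collections import Counter

RAW_PORT = 9100  # RAW printing / JetDirect port named in the CVE record

# Constructed inventory and allowlist (assumptions, not from the debrief).
PRINTERS = {ipaddress.ip_address(a) for a in ("192.0.2.21", "192.0.2.22")}
APPROVED_SOURCES = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

# Constructed flow records in an assumed layout: time,src,dst,dport,action
SAMPLE_FLOWS = """\
time,src,dst,dport,action
2026-05-21T08:00:01Z,192.0.2.10,192.0.2.21,9100,allow
2026-05-21T08:00:07Z,198.51.100.77,192.0.2.21,9100,allow
2026-05-21T08:01:12Z,192.0.2.50,192.0.2.22,9100,allow
2026-05-21T08:01:30Z,192.0.2.50,192.0.2.22,631,allow
2026-05-21T08:02:02Z,203.0.113.5,192.0.2.22,9100,deny
2026-05-21T08:02:40Z,192.0.2.50,192.0.2.99,9100,allow
not,a,valid,row,here
"""

def is_approved(src):
    """True if the source address falls inside any approved network."""
    return any(src in net for net in APPROVED_SOURCES)

def audit_flows(text):
    """Return (time, src, dst) for allowed TCP/9100 flows to printers from non-approved sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, TypeError, KeyError):
            continue  # skip malformed or truncated records
        if (dst in PRINTERS and dport == RAW_PORT
                and row["action"] == "allow" and not is_approved(src)):
            findings.append((row["time"], str(src), str(dst)))
    return findings

def sources_by_count(findings):
    """Count findings per source so repeat offenders surface first."""
    return Counter(src for _, src, _ in findings)

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

Denied flows are left out of the findings because they show the restriction working; a finding means a path to TCP/9100 still exists that the allowlist says should not.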

Evidence notes

This debrief is based only on the supplied NVD record, the official CVE/NVD links, and the two referenced source URLs. The source metadata states: CVE-2026-39047 was published on 2026-05-20T16:16:25.630Z and modified on 2026-05-20T17:31:45.303Z; description: 'Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100'; CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; weakness: CWE-121. NVD vuln status is 'Awaiting Analysis'. No KEV entry or ransomware-campaign designation was provided in the corpus.

Official resources

CVE published 2026-05-20 and modified the same day. NVD currently marks the record as 'Awaiting Analysis'. This debrief avoids assuming any unverified vendor advisory details beyond the supplied CVE/NVD corpus and cited links.