CVE-2026-23767
high-risk
Published 2026-03-05
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Sb-H50 Firmware
Tm-H6000V Firmware
Tm-L100 Firmware
Tm-M10 Firmware
Tm-M30 Firmware
Tm-M30Ii Firmware
Tm-M30Ii-H Firmware
Tm-M30Ii-S Firmware
Tm-M30Ii-Sl Firmware
Tm-M30Iii Firmware
Tm-M30Iii-H Firmware
Tm-M55 Firmware
Tm-P20Ii Firmware
Tm-P80Ii Firmware
Tm-P20 Firmware
Tm-P60Ii Firmware
Tm-P80 Firmware
Tm-T20Ii Firmware
Tm-T20Iii Firmware
Tm-T88Vi Firmware
Affected Vendors
References (3)
Third Party Advisory
https://jvn.jp/en/ta/JVNTA97995322/
Vendor Advisory
https://www.epson.jp/support/misc_t/260305_oshirase.htm
53
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
0/34 · Minimal
Exposure
21/34 · High