A vulnerability, which was classified as problematic , was found in PaperCut NG and MF up to 25.0.10 . Affected is an unknown function of the component Account Synchronization Component . Such manipulation leads to absolute path traversal. This vulnerability is listed as CVE-2026-6418 . The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.