diff --git a/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch b/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
new file mode 100644
index 0000000..0aa9c99
--- /dev/null
+++ b/SOURCES/0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
@@ -0,0 +1,35 @@
+From de4f8c196106033e4c372dce3e91b9d42b0b9444 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 May 2022 06:27:04 +0200
+Subject: [PATCH] scheduler/cert.c: Fix string comparison (fixes
+ CVE-2022-26691)
+
+The previous algorithm didn't expect the strings can have a different
+length, so one string can be a substring of the other and such substring
+was reported as equal to the longer string.
+---
+ CHANGES.md       | 1 +
+ scheduler/cert.c | 9 ++++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/scheduler/cert.c b/scheduler/cert.c
+index b268bf1b2..9b65b96c9 100644
+--- a/scheduler/cert.c
++++ b/scheduler/cert.c
+@@ -444,5 +444,12 @@ ctcompare(const char *a,		/* I - First string */
+     b ++;
+   }
+ 
+-  return (result);
++ /*
++  * The while loop finishes when *a == '\0' or *b == '\0'
++  * so after the while loop either both *a and *b == '\0',
++  * or one points inside a string, so when we apply bitwise OR on *a,
++  * *b and result, we get a non-zero return value if the compared strings don't match.
++  */
++
++  return (result | *a | *b);
+ }
+-- 
+2.36.1
+
diff --git a/SPECS/cups.spec b/SPECS/cups.spec
index 8b0b442..a7acb64 100644
--- a/SPECS/cups.spec
+++ b/SPECS/cups.spec
@@ -17,7 +17,7 @@ Summary: CUPS printing system
 Name: cups
 Epoch: 1
 Version: 2.3.3%{OP_VER}
-Release: 13%{?dist}
+Release: 13%{?dist}.1
 License: ASL 2.0
 Url: http://www.cups.org/
 # Apple stopped uploading the new versions into github, use OpenPrinting fork
@@ -97,6 +97,8 @@ Patch25: cups-fips-restrict-md5.patch
 # Memory leak fixes (bug #1964975)
 # https://github.com/OpenPrinting/cups/pull/322
 Patch26: 0001-cups-http-encode-memleaks-fixes-issue-322.patch
+# CVE-2022-26691 cups: authorization bypass when using "local" authorization
+Patch27: 0001-scheduler-cert.c-Fix-string-comparison-fixes-CVE-202.patch
 
 
 ##### Patches removed because IMHO they aren't no longer needed
@@ -325,6 +327,8 @@ to CUPS daemon. This solution will substitute printer drivers and raw queues in 
 %patch25 -p1 -b .restrict-md5
 # 1964975 - Memory leak fixes
 %patch26 -p1 -b .memleak-fixes
+# CVE-2022-26691 cups: authorization bypass when using "local" authorization
+%patch27 -p1 -b .cve26691
 
 
 %if %{lspp}
@@ -749,6 +753,9 @@ rm -f %{cups_serverbin}/backend/smb
 %{_mandir}/man7/ippeveps.7.gz
 
 %changelog
+* Thu May 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.3.3op2-13.1
+- CVE-2022-26691 cups: authorization bypass when using "local" authorization
+
 * Thu Feb 24 2022 Richard Lescak <rlescak@redhat.com> - 1:2.3.3op2-13
 - 1964975 - added fix for uninit jump into the leaks patch