Search criteria

6408 vulnerabilities

CVE-2026-20243 (GCVE-0-2026-20243)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:30 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV ALZ Archive Processing Denial of Service Vulnerability
Summary
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20243",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:19:13.065202Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:08.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:30:20.848Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwu18798"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV ALZ Archive Processing Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20243",
    "datePublished": "2026-07-01T16:30:20.848Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-07-01T17:25:08.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20244 (GCVE-0-2026-20244)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV DMG File Processing Denial of Service Vulnerability
Summary
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:17:32.499689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:08.394Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:28:27.613Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwu22472"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV DMG File Processing Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20244",
    "datePublished": "2026-07-01T16:28:27.613Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-07-01T17:25:08.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20215 (GCVE-0-2026-20215)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20215",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:17:41.483279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:08.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z\u0026nbsp;content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:28:09.844Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwt62781"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20215",
    "datePublished": "2026-07-01T16:28:09.844Z",
    "dateReserved": "2025-10-08T11:59:15.398Z",
    "dateUpdated": "2026-07-01T17:25:08.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20217 (GCVE-0-2026-20217)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:17:51.378262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:08.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:28:03.720Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwt57454"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20217",
    "datePublished": "2026-07-01T16:28:03.720Z",
    "dateReserved": "2025-10-08T11:59:15.398Z",
    "dateUpdated": "2026-07-01T17:25:08.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20216 (GCVE-0-2026-20216)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability
Summary
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20216",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:18:03.116587Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:08.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:27:51.314Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwt44538"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20216",
    "datePublished": "2026-07-01T16:27:51.314Z",
    "dateReserved": "2025-10-08T11:59:15.398Z",
    "dateUpdated": "2026-07-01T17:25:08.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20213 (GCVE-0-2026-20213)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20213",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:18:10.967118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:08.998Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:27:38.657Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwt62774"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20213",
    "datePublished": "2026-07-01T16:27:38.657Z",
    "dateReserved": "2025-10-08T11:59:15.398Z",
    "dateUpdated": "2026-07-01T17:25:08.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20214 (GCVE-0-2026-20214)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI?
Title
ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CWE
  • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Endpoint Affected: 7.0.5
Affected: 6.2.19
Affected: 7.3.3
Affected: 7.2.13
Affected: 6.1.5
Affected: 6.3.1
Affected: 6.2.5
Affected: 7.3.5
Affected: 6.2.1
Affected: 7.2.7
Affected: 7.1.1
Affected: 6.3.5
Affected: 6.2.9
Affected: 7.3.1
Affected: 6.1.7
Affected: 7.2.11
Affected: 7.2.3
Affected: 7.1.5
Affected: 6.3.3
Affected: 7.3.9
Affected: 6.2.3
Affected: 6.1.9
Affected: 6.0.9
Affected: 7.2.5
Affected: 6.0.7
Affected: 6.3.7
Affected: 1.12.3
Affected: 1.8.0
Affected: 1.11.1
Affected: 1.12.4
Affected: 1.10.0
Affected: 1.12.0
Affected: 1.8.1
Affected: 1.10.1
Affected: 1.12.1
Affected: 1.12.6
Affected: 1.14.0
Affected: 1.10.2
Affected: 1.12.7
Affected: 1.12.2
Affected: 1.6.0
Affected: 1.9.0
Affected: 1.11.0
Affected: 1.7.0
Affected: 1.13.0
Affected: 1.8.4
Affected: 1.13.1
Affected: 1.9.1
Affected: 1.12.5
Affected: 1.13.2
Affected: 8.1.7.21512
Affected: 8.1.7
Affected: 8.1.5
Affected: 8.1.3.21242
Affected: 8.1.3
Affected: 8.1.5.21322
Affected: 8.1.7.21417
Affected: 1.14.1
Affected: 1.15.1
Affected: 1.15.2
Affected: 1.15.3
Affected: 1.15.4
Affected: 1.15.5
Affected: 1.15.6
Affected: 1.16.0
Affected: 1.16.1
Affected: 1.16.2
Affected: 1.16.3
Affected: 1.18.0
Affected: 1.18.1
Affected: 1.20.0
Affected: 1.21.0
Affected: 1.21.1
Affected: 1.21.2
Affected: 1.21.3
Affected: 1.22.0
Affected: 1.22.1
Affected: 1.22.2
Affected: 1.22.3
Affected: 1.22.4
Affected: 1.24.0
Affected: 1.24.1
Affected: 1.24.2
Affected: 1.24.3
Affected: 1.24.4
Affected: 1.26.0
Affected: 1.24.5
Affected: 1.26.1
Affected: 1.27.0
Affected: 1.15.0
Affected: 1.17.0
Affected: 1.17.1
Affected: 1.17.2
Affected: 1.19.0
Affected: 1.20.1
Affected: 1.20.2
Affected: 1.20.3
Affected: 1.20.4
Affected: 1.20.5
Affected: 1.20.6
Affected: 1.23.0
Affected: 1.23.1
Affected: 1.20.7
Affected: 1.20.8
Affected: 1.25.0
Affected: 1.25.1
Affected: 1.25.2
Affected: 1.27.1
Affected: 1.27.2
Affected: 7.3.13
Affected: 7.3.15
Affected: 7.4.1
Affected: 7.4.1.20425
Affected: 7.4.1.20439
Affected: 7.4.3
Affected: 7.4.3.20679
Affected: 7.4.5
Affected: 7.5.1.20813
Affected: 7.5.1.20833
Affected: 7.5.3
Affected: 7.5.5
Affected: 8.0.1.21160
Affected: 8.0.1.21164
Affected: 7.5.7
Affected: 7.5.9
Affected: 7.5.11
Affected: 8.1.7.21585
Affected: 7.5.13.21586
Affected: 7.5.13.21598
Affected: 8.2.1.21612
Affected: 8.2.1.21650
Affected: 7.5.15.21611
Affected: 7.5.17.21680
Affected: 8.2.3.30119
Affected: 8.2.4.30130
Affected: 8.4.0
Affected: 7.5.19
Affected: 8.4.1.30298
Affected: 8.4.2.30317
Affected: 8.4.1.30307
Affected: 7.5.20
Affected: 8.4.3
Affected: 8.4.4.30419
Affected: 8.4.4.30467
Affected: 7.5.21.21732
Affected: 8.4.5.30483
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20214",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:18:19.481926Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:09.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.9"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.11.1"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "8.1.7.21512"
            },
            {
              "status": "affected",
              "version": "8.1.7"
            },
            {
              "status": "affected",
              "version": "8.1.5"
            },
            {
              "status": "affected",
              "version": "8.1.3.21242"
            },
            {
              "status": "affected",
              "version": "8.1.3"
            },
            {
              "status": "affected",
              "version": "8.1.5.21322"
            },
            {
              "status": "affected",
              "version": "8.1.7.21417"
            },
            {
              "status": "affected",
              "version": "1.14.1"
            },
            {
              "status": "affected",
              "version": "1.15.1"
            },
            {
              "status": "affected",
              "version": "1.15.2"
            },
            {
              "status": "affected",
              "version": "1.15.3"
            },
            {
              "status": "affected",
              "version": "1.15.4"
            },
            {
              "status": "affected",
              "version": "1.15.5"
            },
            {
              "status": "affected",
              "version": "1.15.6"
            },
            {
              "status": "affected",
              "version": "1.16.0"
            },
            {
              "status": "affected",
              "version": "1.16.1"
            },
            {
              "status": "affected",
              "version": "1.16.2"
            },
            {
              "status": "affected",
              "version": "1.16.3"
            },
            {
              "status": "affected",
              "version": "1.18.0"
            },
            {
              "status": "affected",
              "version": "1.18.1"
            },
            {
              "status": "affected",
              "version": "1.20.0"
            },
            {
              "status": "affected",
              "version": "1.21.0"
            },
            {
              "status": "affected",
              "version": "1.21.1"
            },
            {
              "status": "affected",
              "version": "1.21.2"
            },
            {
              "status": "affected",
              "version": "1.21.3"
            },
            {
              "status": "affected",
              "version": "1.22.0"
            },
            {
              "status": "affected",
              "version": "1.22.1"
            },
            {
              "status": "affected",
              "version": "1.22.2"
            },
            {
              "status": "affected",
              "version": "1.22.3"
            },
            {
              "status": "affected",
              "version": "1.22.4"
            },
            {
              "status": "affected",
              "version": "1.24.0"
            },
            {
              "status": "affected",
              "version": "1.24.1"
            },
            {
              "status": "affected",
              "version": "1.24.2"
            },
            {
              "status": "affected",
              "version": "1.24.3"
            },
            {
              "status": "affected",
              "version": "1.24.4"
            },
            {
              "status": "affected",
              "version": "1.26.0"
            },
            {
              "status": "affected",
              "version": "1.24.5"
            },
            {
              "status": "affected",
              "version": "1.26.1"
            },
            {
              "status": "affected",
              "version": "1.27.0"
            },
            {
              "status": "affected",
              "version": "1.15.0"
            },
            {
              "status": "affected",
              "version": "1.17.0"
            },
            {
              "status": "affected",
              "version": "1.17.1"
            },
            {
              "status": "affected",
              "version": "1.17.2"
            },
            {
              "status": "affected",
              "version": "1.19.0"
            },
            {
              "status": "affected",
              "version": "1.20.1"
            },
            {
              "status": "affected",
              "version": "1.20.2"
            },
            {
              "status": "affected",
              "version": "1.20.3"
            },
            {
              "status": "affected",
              "version": "1.20.4"
            },
            {
              "status": "affected",
              "version": "1.20.5"
            },
            {
              "status": "affected",
              "version": "1.20.6"
            },
            {
              "status": "affected",
              "version": "1.23.0"
            },
            {
              "status": "affected",
              "version": "1.23.1"
            },
            {
              "status": "affected",
              "version": "1.20.7"
            },
            {
              "status": "affected",
              "version": "1.20.8"
            },
            {
              "status": "affected",
              "version": "1.25.0"
            },
            {
              "status": "affected",
              "version": "1.25.1"
            },
            {
              "status": "affected",
              "version": "1.25.2"
            },
            {
              "status": "affected",
              "version": "1.27.1"
            },
            {
              "status": "affected",
              "version": "1.27.2"
            },
            {
              "status": "affected",
              "version": "7.3.13"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.1.20425"
            },
            {
              "status": "affected",
              "version": "7.4.1.20439"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            },
            {
              "status": "affected",
              "version": "7.4.3.20679"
            },
            {
              "status": "affected",
              "version": "7.4.5"
            },
            {
              "status": "affected",
              "version": "7.5.1.20813"
            },
            {
              "status": "affected",
              "version": "7.5.1.20833"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "8.0.1.21160"
            },
            {
              "status": "affected",
              "version": "8.0.1.21164"
            },
            {
              "status": "affected",
              "version": "7.5.7"
            },
            {
              "status": "affected",
              "version": "7.5.9"
            },
            {
              "status": "affected",
              "version": "7.5.11"
            },
            {
              "status": "affected",
              "version": "8.1.7.21585"
            },
            {
              "status": "affected",
              "version": "7.5.13.21586"
            },
            {
              "status": "affected",
              "version": "7.5.13.21598"
            },
            {
              "status": "affected",
              "version": "8.2.1.21612"
            },
            {
              "status": "affected",
              "version": "8.2.1.21650"
            },
            {
              "status": "affected",
              "version": "7.5.15.21611"
            },
            {
              "status": "affected",
              "version": "7.5.17.21680"
            },
            {
              "status": "affected",
              "version": "8.2.3.30119"
            },
            {
              "status": "affected",
              "version": "8.2.4.30130"
            },
            {
              "status": "affected",
              "version": "8.4.0"
            },
            {
              "status": "affected",
              "version": "7.5.19"
            },
            {
              "status": "affected",
              "version": "8.4.1.30298"
            },
            {
              "status": "affected",
              "version": "8.4.2.30317"
            },
            {
              "status": "affected",
              "version": "8.4.1.30307"
            },
            {
              "status": "affected",
              "version": "7.5.20"
            },
            {
              "status": "affected",
              "version": "8.4.3"
            },
            {
              "status": "affected",
              "version": "8.4.4.30419"
            },
            {
              "status": "affected",
              "version": "8.4.4.30467"
            },
            {
              "status": "affected",
              "version": "7.5.21.21732"
            },
            {
              "status": "affected",
              "version": "8.4.5.30483"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:27:33.622Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-88cFYyxR",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-88cFYyxR",
        "defects": [
          "CSCwt62779"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20214",
    "datePublished": "2026-07-01T16:27:33.622Z",
    "dateReserved": "2025-10-08T11:59:15.398Z",
    "dateUpdated": "2026-07-01T17:25:09.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20191 (GCVE-0-2026-20191)

Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI?
Title
Cisco Catalyst Center Arbitrary File Read Vulnerability
Summary
A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.  This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Catalyst Center Affected: 2.3.7.0-VA
Affected: 2.3.7.5-VA
Affected: 2.3.7.6-VA
Affected: 2.3.7.7-VA
Affected: 2.3.7.9-VA
Affected: 3.1.3
Affected: 3.1.3-VA
Affected: 2.3.7.10-VA
Affected: 3.1.5
Affected: 3.1.5-VA
Affected: 3.1.5-VA on AWS
Affected: 3.1.5-RevUp
Affected: 3.1.6
Affected: 3.1.6-VA
Affected: 3.1.6-BETA
Affected: 3.1.6-GSMU100
Affected: 3.1.6-VA-GSMU100
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20191",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T17:18:27.744122Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T17:25:09.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.7.0-VA"
            },
            {
              "status": "affected",
              "version": "2.3.7.5-VA"
            },
            {
              "status": "affected",
              "version": "2.3.7.6-VA"
            },
            {
              "status": "affected",
              "version": "2.3.7.7-VA"
            },
            {
              "status": "affected",
              "version": "2.3.7.9-VA"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "3.1.3-VA"
            },
            {
              "status": "affected",
              "version": "2.3.7.10-VA"
            },
            {
              "status": "affected",
              "version": "3.1.5"
            },
            {
              "status": "affected",
              "version": "3.1.5-VA"
            },
            {
              "status": "affected",
              "version": "3.1.5-VA on AWS"
            },
            {
              "status": "affected",
              "version": "3.1.5-RevUp"
            },
            {
              "status": "affected",
              "version": "3.1.6"
            },
            {
              "status": "affected",
              "version": "3.1.6-VA"
            },
            {
              "status": "affected",
              "version": "3.1.6-BETA"
            },
            {
              "status": "affected",
              "version": "3.1.6-GSMU100"
            },
            {
              "status": "affected",
              "version": "3.1.6-VA-GSMU100"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.\u0026nbsp;\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:27:32.642Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-catc-file-read-wLH2vf8X",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X"
        }
      ],
      "source": {
        "advisory": "cisco-sa-catc-file-read-wLH2vf8X",
        "defects": [
          "CSCwt73509"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Catalyst Center Arbitrary File Read Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20191",
    "datePublished": "2026-07-01T16:27:32.642Z",
    "dateReserved": "2025-10-08T11:59:15.395Z",
    "dateUpdated": "2026-07-01T17:25:09.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20266 (GCVE-0-2026-20266)

Vulnerability from cvelistv5 – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
VLAI?
Title
OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
Summary
In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
CWE
  • CWE-78 - The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
Create a notification for this product.
Credits
Gabriel Nitu, Splunk
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20266",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T18:03:52.980872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T18:04:08.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk AI Toolkit",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "5.7.4",
              "status": "affected",
              "version": "5.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gabriel Nitu, Splunk"
        }
      ],
      "datePublic": "2026-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
            }
          ],
          "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T17:07:24.598Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0614"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0614"
      },
      "title": "OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20266",
    "datePublished": "2026-06-17T17:07:24.598Z",
    "dateReserved": "2025-10-08T11:59:15.402Z",
    "dateUpdated": "2026-06-17T18:04:08.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20265 (GCVE-0-2026-20265)

Vulnerability from cvelistv5 – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
VLAI?
Title
Insecure Default Domain Allowlist in Splunk AI Toolkit
Summary
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
CWE
  • CWE-1188 - The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
Create a notification for this product.
Credits
Gabriel Nitu, Splunk
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T18:04:24.981105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T18:04:30.312Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk AI Toolkit",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "5.7.4",
              "status": "affected",
              "version": "5.7",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gabriel Nitu, Splunk"
        }
      ],
      "datePublic": "2026-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
            }
          ],
          "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T17:07:19.943Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0613"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0613"
      },
      "title": "Insecure Default Domain Allowlist in Splunk AI Toolkit"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20265",
    "datePublished": "2026-06-17T17:07:19.943Z",
    "dateReserved": "2025-10-08T11:59:15.402Z",
    "dateUpdated": "2026-06-17T18:04:30.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20178 (GCVE-0-2026-20178)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:28 – Updated: 2026-06-17 18:13
VLAI?
Summary
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20178",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T18:13:20.277003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T18:13:35.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex App",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed.\r\n\r This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:28:34.825Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-webex-app-redirect-KOyxhffH",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-app-redirect-KOyxhffH",
        "defects": [
          "CSCwt98312"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20178",
    "datePublished": "2026-06-17T16:28:34.825Z",
    "dateReserved": "2025-10-08T11:59:15.392Z",
    "dateUpdated": "2026-06-17T18:13:35.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20246 (GCVE-0-2026-20246)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:17
VLAI?
Title
Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
Summary
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Umbrella Insights Virtual Appliance Affected: 2.6.0
Affected: 2.5.6
Affected: 2.5
Affected: 2.4.12
Affected: 2.7
Affected: 2.6.2
Affected: 2.5.5
Affected: 2.5.4
Affected: 2.8
Affected: 2.6.1
Affected: 2.5.7
Affected: 1.5.4
Affected: 1.5.5
Affected: 1.5.6
Affected: 2.0.0
Affected: 2.0.2
Affected: 2.0.3
Affected: 2.1.0
Affected: 2.1.2
Affected: 2.1.4
Affected: 2.1.5
Affected: 2.2
Affected: 2.2.1
Affected: 2.3
Affected: 2.3.1
Affected: 2.4
Affected: 2.4.4
Affected: 2.4.6
Affected: 2.8.9
Affected: 3.0
Affected: 3.1
Affected: 3.2
Affected: 2.8.1
Affected: 2.8.2
Affected: 2.8.3
Affected: 2.8.4
Affected: 2.8.5
Affected: 3.0.1
Affected: 3.0.2
Affected: 3.0.4
Affected: 3.0.5
Affected: 3.1.1
Affected: 3.1.2
Affected: 3.1.3
Affected: 3.1.4
Affected: 3.2.1
Affected: 3.2.2
Affected: 3.2.3
Affected: 3.3
Affected: 3.3.1
Affected: 3.3.2
Affected: 3.3.3
Affected: 3.3.4
Affected: 3.4
Affected: 3.4.1
Affected: 3.4.2
Affected: 3.4.3
Affected: 3.4.4
Affected: 3.4.5
Affected: 3.4.6
Affected: 3.5
Affected: 2.7.1
Affected: 2.7.2
Affected: 2.7.6
Affected: 2.7.9
Affected: 2.7.10
Affected: 3.5.1
Affected: 3.5.2
Affected: 3.6.1
Affected: 3.6.2
Affected: 3.7
Affected: 3.7.1
Affected: 3.8.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T17:15:44.900787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:17:13.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Umbrella Insights Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.0"
            },
            {
              "status": "affected",
              "version": "2.5.6"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.4.12"
            },
            {
              "status": "affected",
              "version": "2.7"
            },
            {
              "status": "affected",
              "version": "2.6.2"
            },
            {
              "status": "affected",
              "version": "2.5.5"
            },
            {
              "status": "affected",
              "version": "2.5.4"
            },
            {
              "status": "affected",
              "version": "2.8"
            },
            {
              "status": "affected",
              "version": "2.6.1"
            },
            {
              "status": "affected",
              "version": "2.5.7"
            },
            {
              "status": "affected",
              "version": "1.5.4"
            },
            {
              "status": "affected",
              "version": "1.5.5"
            },
            {
              "status": "affected",
              "version": "1.5.6"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "2.0.2"
            },
            {
              "status": "affected",
              "version": "2.0.3"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.1.2"
            },
            {
              "status": "affected",
              "version": "2.1.4"
            },
            {
              "status": "affected",
              "version": "2.1.5"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            },
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.4.4"
            },
            {
              "status": "affected",
              "version": "2.4.6"
            },
            {
              "status": "affected",
              "version": "2.8.9"
            },
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "2.8.1"
            },
            {
              "status": "affected",
              "version": "2.8.2"
            },
            {
              "status": "affected",
              "version": "2.8.3"
            },
            {
              "status": "affected",
              "version": "2.8.4"
            },
            {
              "status": "affected",
              "version": "2.8.5"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.4"
            },
            {
              "status": "affected",
              "version": "3.0.5"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "status": "affected",
              "version": "3.3.1"
            },
            {
              "status": "affected",
              "version": "3.3.2"
            },
            {
              "status": "affected",
              "version": "3.3.3"
            },
            {
              "status": "affected",
              "version": "3.3.4"
            },
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "status": "affected",
              "version": "3.4.1"
            },
            {
              "status": "affected",
              "version": "3.4.2"
            },
            {
              "status": "affected",
              "version": "3.4.3"
            },
            {
              "status": "affected",
              "version": "3.4.4"
            },
            {
              "status": "affected",
              "version": "3.4.5"
            },
            {
              "status": "affected",
              "version": "3.4.6"
            },
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "status": "affected",
              "version": "2.7.1"
            },
            {
              "status": "affected",
              "version": "2.7.2"
            },
            {
              "status": "affected",
              "version": "2.7.6"
            },
            {
              "status": "affected",
              "version": "2.7.9"
            },
            {
              "status": "affected",
              "version": "2.7.10"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.5.2"
            },
            {
              "status": "affected",
              "version": "3.6.1"
            },
            {
              "status": "affected",
              "version": "3.6.2"
            },
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "status": "affected",
              "version": "3.7.1"
            },
            {
              "status": "affected",
              "version": "3.8.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:17:13.708Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-umbrella-priv-esc-F4wJB7AU",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU"
        }
      ],
      "source": {
        "advisory": "cisco-sa-umbrella-priv-esc-F4wJB7AU",
        "defects": [
          "CSCwt75291"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20246",
    "datePublished": "2026-06-17T16:17:13.708Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-06-17T17:17:13.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20220 (GCVE-0-2026-20220)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:16
VLAI?
Title
Cisco Crosswork Network Controller Remote Code Execution Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an&nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration&nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.&nbsp; To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.&nbsp;
CWE
  • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Crosswork Network Change Automation Affected: 3.0.0
Affected: 3.0.1
Affected: 1.0.0
Affected: 2.0.0
Affected: 2.0.1
Affected: 3.0.2
Affected: 2.0.2
Affected: 3.0.3
Affected: 4.0.0
Affected: 4.1.0
Affected: 4.5.0
Affected: 4.1.1
Affected: 5.0.0
Affected: 4.5.1
Affected: 4.1.2
Affected: 5.0.1
Affected: 4.5.2
Affected: 5.0.2
Affected: 4.1.3
Affected: 6.0.0
Affected: 7.0.0
Affected: 4.1.4
Affected: 6.0.2
Affected: 5.0.3
Affected: 6.0.3
Affected: 5.0.4
Affected: 7.0.1
Affected: 6.0.4
Affected: 7.0.2
Affected: 7.1.0
Affected: 5.0.5
Affected: 7.0.3
Affected: 7.0.4
Affected: 7.1.1
Affected: 7.0.5
Affected: 7.2.0
Affected: 7.1.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20220",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T17:13:43.754531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:16:59.052Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Crosswork Network Change Automation",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "1.0.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "2.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.3"
            },
            {
              "status": "affected",
              "version": "4.0.0"
            },
            {
              "status": "affected",
              "version": "4.1.0"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            },
            {
              "status": "affected",
              "version": "4.1.1"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            },
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.1.2"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "4.5.2"
            },
            {
              "status": "affected",
              "version": "5.0.2"
            },
            {
              "status": "affected",
              "version": "4.1.3"
            },
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "4.1.4"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "5.0.3"
            },
            {
              "status": "affected",
              "version": "6.0.3"
            },
            {
              "status": "affected",
              "version": "5.0.4"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.4"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "5.0.5"
            },
            {
              "status": "affected",
              "version": "7.0.3"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an\u0026nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation in the configuration\u0026nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.\u0026nbsp;\r\nTo exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:17:06.545Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cnc-inj-QNMeEmxk",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cnc-inj-QNMeEmxk",
        "defects": [
          "CSCwt44379"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Crosswork Network Controller Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20220",
    "datePublished": "2026-06-17T16:17:06.545Z",
    "dateReserved": "2025-10-08T11:59:15.398Z",
    "dateUpdated": "2026-06-17T17:16:59.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20190 (GCVE-0-2026-20190)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:16
VLAI?
Title
Cisco Identity Services Engine Information Disclosure Vulnerability
Summary
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
CWE
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Identity Services Engine Software Affected: 3.4.0
Affected: 3.4 Patch 1
Affected: 3.4 Patch 2
Affected: 3.4 Patch 3
Affected: 3.5.0
Affected: 3.4 Patch 4
Affected: 3.5 Patch 1
Affected: 3.4 Patch 5
Affected: 3.5 Patch 2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T17:14:11.061077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:16:45.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.5.0"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 5"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco ISE Passive Identity Connector",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:17:04.911Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ise-multi-G5WP8vv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-multi-G5WP8vv",
        "defects": [
          "CSCwt22936"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Identity Services Engine Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20190",
    "datePublished": "2026-06-17T16:17:04.911Z",
    "dateReserved": "2025-10-08T11:59:15.395Z",
    "dateUpdated": "2026-06-17T17:16:45.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20181 (GCVE-0-2026-20181)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:16 – Updated: 2026-06-18 03:56
VLAI?
Title
Cisco Identity Services Engine Remote Code Execution Vulnerability
Summary
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Identity Services Engine Software Affected: 3.1.0
Affected: 3.1.0 p1
Affected: 3.1.0 p3
Affected: 3.1.0 p2
Affected: 3.2.0
Affected: 3.1.0 p4
Affected: 3.1.0 p5
Affected: 3.2.0 p1
Affected: 3.1.0 p6
Affected: 3.2.0 p2
Affected: 3.1.0 p7
Affected: 3.3.0
Affected: 3.2.0 p3
Affected: 3.2.0 p4
Affected: 3.1.0 p8
Affected: 3.2.0 p5
Affected: 3.2.0 p6
Affected: 3.1.0 p9
Affected: 3.3 Patch 2
Affected: 3.3 Patch 1
Affected: 3.3 Patch 3
Affected: 3.4.0
Affected: 3.2.0 p7
Affected: 3.3 Patch 4
Affected: 3.4 Patch 1
Affected: 3.1.0 p10
Affected: 3.3 Patch 5
Affected: 3.3 Patch 6
Affected: 3.4 Patch 2
Affected: 3.3 Patch 7
Affected: 3.4 Patch 3
Affected: 3.5.0
Affected: 3.4 Patch 4
Affected: 3.3 Patch 8
Affected: 3.2 Patch 8
Affected: 3.5 Patch 1
Affected: 3.3 Patch 9
Affected: 3.2 Patch 9
Affected: 3.4 Patch 5
Affected: 3.5 Patch 3
Affected: 3.5 Patch 2
Affected: 3.3 Patch 10
Affected: 3.2 Patch 10
Affected: 3.1.0 p11
Create a notification for this product.
    Cisco Cisco ISE Passive Identity Connector Affected: 3.2.0
Affected: 3.1.0
Affected: 3.3.0
Affected: 3.4.0
Affected: 3.5.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T03:56:44.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p3"
            },
            {
              "status": "affected",
              "version": "3.1.0 p2"
            },
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p6"
            },
            {
              "status": "affected",
              "version": "3.2.0 p2"
            },
            {
              "status": "affected",
              "version": "3.1.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p3"
            },
            {
              "status": "affected",
              "version": "3.2.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p8"
            },
            {
              "status": "affected",
              "version": "3.2.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p6"
            },
            {
              "status": "affected",
              "version": "3.1.0 p9"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p10"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 5"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 6"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 7"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.5.0"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 8"
            },
            {
              "status": "affected",
              "version": "3.2 Patch 8"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 9"
            },
            {
              "status": "affected",
              "version": "3.2 Patch 9"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 5"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 10"
            },
            {
              "status": "affected",
              "version": "3.2 Patch 10"
            },
            {
              "status": "affected",
              "version": "3.1.0 p11"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco ISE Passive Identity Connector",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:16:56.706Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ise-multi-G5WP8vv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-multi-G5WP8vv",
        "defects": [
          "CSCwt22913"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Identity Services Engine Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20181",
    "datePublished": "2026-06-17T16:16:56.706Z",
    "dateReserved": "2025-10-08T11:59:15.393Z",
    "dateUpdated": "2026-06-18T03:56:44.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20262 (GCVE-0-2026-20262)

Vulnerability from cvelistv5 – Published: 2026-06-15 16:21 – Updated: 2026-06-17 03:55
VLAI?
Title
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
Summary
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Catalyst SD-WAN Manager Affected: 20.1.12
Affected: 19.2.1
Affected: 18.4.4
Affected: 18.4.5
Affected: 20.1.1.1
Affected: 20.1.1
Affected: 19.3.0
Affected: 19.2.2
Affected: 19.2.099
Affected: 18.3.6
Affected: 18.3.7
Affected: 19.2.0
Affected: 18.3.8
Affected: 19.0.0
Affected: 19.1.0
Affected: 18.4.302
Affected: 18.4.303
Affected: 19.2.097
Affected: 19.2.098
Affected: 17.2.10
Affected: 18.3.6.1
Affected: 19.0.1a
Affected: 18.2.0
Affected: 18.4.3
Affected: 18.4.1
Affected: 17.2.8
Affected: 18.3.3.1
Affected: 18.4.0
Affected: 18.3.1
Affected: 17.2.6
Affected: 17.2.9
Affected: 18.3.4
Affected: 17.2.5
Affected: 18.3.1.1
Affected: 18.3.5
Affected: 18.4.0.1
Affected: 18.3.3
Affected: 17.2.7
Affected: 17.2.4
Affected: 18.3.0
Affected: 19.2.3
Affected: 18.4.501_ES
Affected: 20.3.1
Affected: 20.1.2
Affected: 19.2.929
Affected: 19.2.31
Affected: 20.3.2
Affected: 19.2.32
Affected: 20.3.2_925
Affected: 20.3.2.1
Affected: 20.3.2.1_927
Affected: 18.4.6
Affected: 20.1.2_937
Affected: 20.4.1
Affected: 20.3.2_928
Affected: 20.3.2_929
Affected: 20.4.1.0.1
Affected: 20.3.2.1_930
Affected: 19.2.4
Affected: 20.5.0.1.1
Affected: 20.4.1.1
Affected: 20.3.3
Affected: 19.2.4.0.1
Affected: 20.3.2_937
Affected: 20.3.3.1
Affected: 20.5.1
Affected: 20.1.3
Affected: 20.3.3.0.4
Affected: 20.3.3.1.2
Affected: 20.3.3.1.1
Affected: 20.4.1.2
Affected: 20.3.3.0.2
Affected: 20.4.1.1.5
Affected: 20.4.1.0.01
Affected: 20.4.1.0.02
Affected: 20.3.3.1.7
Affected: 20.3.3.1.5
Affected: 20.5.1.0.1
Affected: 20.3.3.1.10
Affected: 20.3.3.0.8
Affected: 20.4.2
Affected: 20.4.2.0.1
Affected: 20.3.4
Affected: 20.3.3.0.14
Affected: 19.2.4.0.8
Affected: 19.2.4.0.9
Affected: 20.3.4.0.1
Affected: 20.3.2.0.5
Affected: 20.6.1
Affected: 20.5.1.0.2
Affected: 20.3.3.0.17
Affected: 20.6.1.1
Affected: 20.6.0.18.3
Affected: 20.3.2.0.6
Affected: 20.6.0.18.4
Affected: 20.4.2.0.2
Affected: 20.3.3.0.16
Affected: 20.3.4.0.5
Affected: 20.6.1.0.1
Affected: 20.3.4.0.6
Affected: 20.6.2
Affected: 20.7.1EFT2
Affected: 20.3.4.0.9
Affected: 20.3.4.0.11
Affected: 20.4.2.0.4
Affected: 20.3.3.0.18
Affected: 20.7.1
Affected: 20.6.2.1
Affected: 20.3.4.1
Affected: 20.5.1.1
Affected: 20.4.2.1
Affected: 20.4.2.1.1
Affected: 20.3.4.1.1
Affected: 20.3.813
Affected: 20.3.4.0.19
Affected: 20.4.2.2.1
Affected: 20.5.1.2
Affected: 20.3.4.2
Affected: 20.3.814
Affected: 20.4.2.2
Affected: 20.6.2.2
Affected: 20.3.4.2.1
Affected: 20.7.1.1
Affected: 20.3.4.1.2
Affected: 20.6.2.2.2
Affected: 20.3.4.0.20
Affected: 20.6.2.2.3
Affected: 20.4.2.2.2
Affected: 20.3.5
Affected: 20.6.2.0.4
Affected: 20.4.2.2.3
Affected: 20.3.4.0.24
Affected: 20.6.2.2.7
Affected: 20.6.3
Affected: 20.3.4.2.2
Affected: 20.4.2.2.4
Affected: 20.7.1.0.2
Affected: 20.8.1
Affected: 20.3.5.0.8
Affected: 20.3.5.0.9
Affected: 20.4.2.2.8
Affected: 20.3.5.0.7
Affected: 20.6.3.0.7
Affected: 20.6.3.0.5
Affected: 20.6.3.0.10
Affected: 20.6.3.0.2
Affected: 20.7.2
Affected: 20.9.1EFT2
Affected: 20.6.3.0.11
Affected: 20.6.3.1
Affected: 20.6.3.0.14
Affected: 20.6.4
Affected: 20.9.1
Affected: 20.6.3.0.19
Affected: 20.6.3.0.18
Affected: 20.3.6
Affected: 20.9.1.1
Affected: 20.6.3.0.23
Affected: 20.6.4.0.4
Affected: 20.6.3.0.25
Affected: 20.6.5
Affected: 20.6.3.0.27
Affected: 20.9.2
Affected: 20.9.2.1
Affected: 20.6.3.0.29
Affected: 20.6.3.0.31
Affected: 20.6.3.0.32
Affected: 20.10.1
Affected: 20.6.3.0.33
Affected: 20.9.2.0.01
Affected: 20.9.1_LI_Images
Affected: 20.10.1_LI_Images
Affected: 20.9.2_LI_Images
Affected: 20.3.7
Affected: 20.9.3
Affected: 20.6.5.1
Affected: 20.11.1
Affected: 20.11.1_LI_Images
Affected: 20.9.3_LI_ Images
Affected: 20.6.3.1.1
Affected: 20.9.3.0.2
Affected: 20.6.5.1.2
Affected: 20.9.3.0.3
Affected: 20.4.2.3
Affected: 20.6.3.2
Affected: 20.6.4.1
Affected: 20.6.3.0.38
Affected: 20.6.3.0.39
Affected: 20.3.5.1
Affected: 20.3.4.3
Affected: 20.9.3.1
Affected: 20.3.3.2
Affected: 20.6.5.2
Affected: 20.3.7.1
Affected: 20.10.1.1
Affected: 20.6.5.2.1
Affected: 20.3.4.0.25
Affected: 20.6.2.2.4
Affected: 20.6.1.2
Affected: 20.11.1.1
Affected: 20.9.3.0.5
Affected: 20.3.4.0.26
Affected: 20.6.5.1.3
Affected: 20.6.3.0.40
Affected: 20.1.3.1
Affected: 20.9.2.2
Affected: 20.6.5.2.3
Affected: 20.6.5.1.4
Affected: 20.6.5.3
Affected: 20.6.3.0.41
Affected: 20.9.3.0.7
Affected: 20.6.5.1.5
Affected: 20.9.3.0.4
Affected: 20.6.4.0.19
Affected: 20.6.5.1.6
Affected: 20.9.3.0.8
Affected: 20.6.3.3
Affected: 20.3.7.2
Affected: 20.6.5.4
Affected: 20.6.5.1.7
Affected: 20.9.3.0.12
Affected: 20.6.4.2
Affected: 20.6.5.5
Affected: 20.9.3.2
Affected: 20.11.1.2
Affected: 20.6.3.4
Affected: 20.10.1.2
Affected: 20.6.5.1.9
Affected: 20.9.3.0.16
Affected: 20.6.3.0.45
Affected: 20.6.5.1.10
Affected: 20.9.3.0.17
Affected: 20.6.5.2.4
Affected: 20.6.4.0.21
Affected: 20.9.3.0.18
Affected: 20.6.3.0.46
Affected: 20.6.3.0.47
Affected: 20.9.2.3
Affected: 20.9.3.2_LI_Images
Affected: 20.9.3.0.21
Affected: 20.9.3.0.20
Affected: 20.9.4_LI_Images
Affected: 20.9.4
Affected: 20.6.5.1.11
Affected: 20.12.1
Affected: 20.12.1_LI_Images
Affected: 20.6.5.1.13
Affected: 20.9.3.0.23
Affected: 20.6.5.2.8
Affected: 20.9.4.1
Affected: 20.9.4.1_LI_Images
Affected: 20.9.3.0.25
Affected: 20.9.3.0.24
Affected: 20.6.5.1.14
Affected: 20.3.8
Affected: 20.6.6
Affected: 20.9.3.0.26
Affected: 20.6.3.0.51
Affected: 20.9.3.0.29
Affected: 20.12.2
Affected: 20.12.2_LI_Images
Affected: 20.6.6.0.1
Affected: 20.13.1_LI_Images
Affected: 20.9.4.0.4
Affected: 20.13.1
Affected: 20.9.4.1.1
Affected: 20.9.5
Affected: 20.9.5_LI_Images
Affected: 20.12.3_LI_Images
Affected: 20.12.3
Affected: 20.9.4.1.3
Affected: 20.6.7
Affected: 20.9.5.1
Affected: 20.9.5.1_LI_Images
Affected: 20.9.4.1.6
Affected: 20.14.1
Affected: 20.14.1_LI_Images
Affected: 20.9.5.2
Affected: 20.9.5.2.1
Affected: 20.9.5.2_LI_Images
Affected: 20.12.3.1
Affected: 20.12.4
Affected: 20.15.1_LI_Images
Affected: 20.15.1
Affected: 20.9.5.1.4
Affected: 20.9.5.2.7
Affected: 20.9.5.2.13
Affected: 20.9.6
Affected: 20.9.6_LI_Images
Affected: 20.9.5.2.14
Affected: 20.6.8
Affected: 20.12.4.0.03
Affected: 20.16.1
Affected: 20.16.1_LI_Images
Affected: 20.12.4_LI_Images
Affected: 20.9.5.2.16
Affected: 20.12.4.0.4
Affected: 20.12.401
Affected: 20.9.5.3
Affected: 20.9.5.3_LI_Images
Affected: 20.12.4.1_LI_Images
Affected: 20.12.4.1
Affected: 20.9.5.2.21
Affected: 20.9.6.0.3
Affected: 20.12.4.0.6
Affected: 20.15.2_LI_Images
Affected: 20.15.2
Affected: 20.12.4_Monthly_ES5
Affected: 20.12.5
Affected: 20.12.5_LI_Images
Affected: 20.9.7_LI _Images
Affected: 20.9.7
Affected: 20.15.3
Affected: 20.15.3_ LI _Images
Affected: 20.12.501
Affected: 20.12.5.1_LI_Images
Affected: 20.12.5.1
Affected: 20.12.5.2_LI_Images
Affected: 20.12.5.2
Affected: 20.15.3.1
Affected: 20.15.4_LI_Images
Affected: 20.15.4
Affected: 20.9.7.1_LI _Images
Affected: 20.9.7.1
Affected: 20.18.1
Affected: 20.18.1_LI_Images
Affected: 20.12.6_LI_Images
Affected: 20.12.6
Affected: 20.12.5.1.01
Affected: 26.0.1
Affected: 20.9.8
Affected: 20.9.8_LI_Images
Affected: 20.18.2
Affected: 20.15.4.1_LI_Images
Affected: 20.15.4.1
Affected: 20.18.2_LI_Images
Affected: 26.1.1
Affected: 26.1.1_LI_Images
Affected: 20.18.2.1_LI_Images
Affected: 20.18.2.1
Affected: 20.15.4.2_LI_Images
Affected: 20.15.4.2
Affected: 20.12.6.1
Affected: 20.12.6.1_LI_Images
Affected: 20.12.5.3
Affected: 20.12.5.3_LI_Images
Affected: 20.9.8.2_LI_Images
Affected: 20.9.8.2
Affected: 20.18.3
Affected: 20.18.3_LI_Images
Affected: 20.15.5
Affected: 20.15.5_LI_Images
Affected: 20.12.7
Affected: 20.12.7_LI_Images
Affected: 20.9.9
Affected: 20.9.9_LI_Images
Affected: 20.18.2.2
Affected: 20.18.2.2_LI_Images
Affected: 20.12.5.4
Affected: 20.12.5.4_LI_ Images
Affected: 20.12.7.1_LI_Images
Affected: 20.12.6.2_LI_Images
Affected: 20.12.7.1
Affected: 20.15.5.1
Affected: 20.15.4.3
Affected: 20.15.4.3_LI_Images
Affected: 20.15.5.1_LI_Images
Affected: 20.12.6.2
Affected: 20.15.5.2
Affected: 20.15.5.2_LI_Images
Affected: 26.1.1.1_LI_Images
Affected: 20.15.4.4
Affected: 20.15.4.4_LI_Images
Affected: 26.1.1.1
Affected: 20.9.9.1_LI_Images
Affected: 20.9.9.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20262",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-06-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20262"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T03:55:46.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20262"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "18.4.302"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "18.3.6.1"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "18.3.3.1"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.3.1.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "18.4.0.1"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "17.2.4"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "18.4.501_ES"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            },
            {
              "status": "affected",
              "version": "20.3.2"
            },
            {
              "status": "affected",
              "version": "19.2.32"
            },
            {
              "status": "affected",
              "version": "20.3.2_925"
            },
            {
              "status": "affected",
              "version": "20.3.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_927"
            },
            {
              "status": "affected",
              "version": "18.4.6"
            },
            {
              "status": "affected",
              "version": "20.1.2_937"
            },
            {
              "status": "affected",
              "version": "20.4.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_928"
            },
            {
              "status": "affected",
              "version": "20.3.2_929"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_930"
            },
            {
              "status": "affected",
              "version": "19.2.4"
            },
            {
              "status": "affected",
              "version": "20.5.0.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.3"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_937"
            },
            {
              "status": "affected",
              "version": "20.3.3.1"
            },
            {
              "status": "affected",
              "version": "20.5.1"
            },
            {
              "status": "affected",
              "version": "20.1.3"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.4.1.1.5"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.01"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.02"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.7"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.5"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.10"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.4.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.14"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.8"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.3"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.2"
            },
            {
              "status": "affected",
              "version": "20.7.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.11"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.7.1"
            },
            {
              "status": "affected",
              "version": "20.6.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.813"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2"
            },
            {
              "status": "affected",
              "version": "20.3.814"
            },
            {
              "status": "affected",
              "version": "20.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.7.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.20"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.5"
            },
            {
              "status": "affected",
              "version": "20.6.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.7"
            },
            {
              "status": "affected",
              "version": "20.6.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.7.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.8.1"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.9"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.10"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.7.2"
            },
            {
              "status": "affected",
              "version": "20.9.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.11"
            },
            {
              "status": "affected",
              "version": "20.6.3.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.14"
            },
            {
              "status": "affected",
              "version": "20.6.4"
            },
            {
              "status": "affected",
              "version": "20.9.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.3.6"
            },
            {
              "status": "affected",
              "version": "20.9.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.27"
            },
            {
              "status": "affected",
              "version": "20.9.2"
            },
            {
              "status": "affected",
              "version": "20.9.2.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.31"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.32"
            },
            {
              "status": "affected",
              "version": "20.10.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.33"
            },
            {
              "status": "affected",
              "version": "20.9.2.0.01"
            },
            {
              "status": "affected",
              "version": "20.9.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.10.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.3.7"
            },
            {
              "status": "affected",
              "version": "20.9.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1"
            },
            {
              "status": "affected",
              "version": "20.11.1"
            },
            {
              "status": "affected",
              "version": "20.11.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3_LI_ Images"
            },
            {
              "status": "affected",
              "version": "20.6.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.4.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.38"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.39"
            },
            {
              "status": "affected",
              "version": "20.3.5.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2"
            },
            {
              "status": "affected",
              "version": "20.3.7.1"
            },
            {
              "status": "affected",
              "version": "20.10.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.1.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.40"
            },
            {
              "status": "affected",
              "version": "20.1.3.1"
            },
            {
              "status": "affected",
              "version": "20.9.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.41"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.6.3.3"
            },
            {
              "status": "affected",
              "version": "20.3.7.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.7"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.12"
            },
            {
              "status": "affected",
              "version": "20.6.4.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.3.4"
            },
            {
              "status": "affected",
              "version": "20.10.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.9"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.45"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.10"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.46"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.47"
            },
            {
              "status": "affected",
              "version": "20.9.2.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.20"
            },
            {
              "status": "affected",
              "version": "20.9.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.11"
            },
            {
              "status": "affected",
              "version": "20.12.1"
            },
            {
              "status": "affected",
              "version": "20.12.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.13"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.8"
            },
            {
              "status": "affected",
              "version": "20.9.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.14"
            },
            {
              "status": "affected",
              "version": "20.3.8"
            },
            {
              "status": "affected",
              "version": "20.6.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.51"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.12.2"
            },
            {
              "status": "affected",
              "version": "20.12.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.6.0.1"
            },
            {
              "status": "affected",
              "version": "20.13.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.13.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.5"
            },
            {
              "status": "affected",
              "version": "20.9.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.6"
            },
            {
              "status": "affected",
              "version": "20.14.1"
            },
            {
              "status": "affected",
              "version": "20.14.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3.1"
            },
            {
              "status": "affected",
              "version": "20.12.4"
            },
            {
              "status": "affected",
              "version": "20.15.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.13"
            },
            {
              "status": "affected",
              "version": "20.9.6"
            },
            {
              "status": "affected",
              "version": "20.9.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.14"
            },
            {
              "status": "affected",
              "version": "20.6.8"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.03"
            },
            {
              "status": "affected",
              "version": "20.16.1"
            },
            {
              "status": "affected",
              "version": "20.16.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.16"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.12.401"
            },
            {
              "status": "affected",
              "version": "20.9.5.3"
            },
            {
              "status": "affected",
              "version": "20.9.5.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.21"
            },
            {
              "status": "affected",
              "version": "20.9.6.0.3"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.15.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.2"
            },
            {
              "status": "affected",
              "version": "20.12.4_Monthly_ES5"
            },
            {
              "status": "affected",
              "version": "20.12.5"
            },
            {
              "status": "affected",
              "version": "20.12.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.7_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7"
            },
            {
              "status": "affected",
              "version": "20.15.3"
            },
            {
              "status": "affected",
              "version": "20.15.3_ LI _Images"
            },
            {
              "status": "affected",
              "version": "20.12.501"
            },
            {
              "status": "affected",
              "version": "20.12.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.1"
            },
            {
              "status": "affected",
              "version": "20.12.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.3.1"
            },
            {
              "status": "affected",
              "version": "20.15.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4"
            },
            {
              "status": "affected",
              "version": "20.9.7.1_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7.1"
            },
            {
              "status": "affected",
              "version": "20.18.1"
            },
            {
              "status": "affected",
              "version": "20.18.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6"
            },
            {
              "status": "affected",
              "version": "20.12.5.1.01"
            },
            {
              "status": "affected",
              "version": "26.0.1"
            },
            {
              "status": "affected",
              "version": "20.9.8"
            },
            {
              "status": "affected",
              "version": "20.9.8_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2"
            },
            {
              "status": "affected",
              "version": "20.15.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.1"
            },
            {
              "status": "affected",
              "version": "20.18.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "26.1.1"
            },
            {
              "status": "affected",
              "version": "26.1.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2.1"
            },
            {
              "status": "affected",
              "version": "20.15.4.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.2"
            },
            {
              "status": "affected",
              "version": "20.12.6.1"
            },
            {
              "status": "affected",
              "version": "20.12.6.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.3"
            },
            {
              "status": "affected",
              "version": "20.12.5.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.8.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.8.2"
            },
            {
              "status": "affected",
              "version": "20.18.3"
            },
            {
              "status": "affected",
              "version": "20.18.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.5"
            },
            {
              "status": "affected",
              "version": "20.15.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.7"
            },
            {
              "status": "affected",
              "version": "20.12.7_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.9"
            },
            {
              "status": "affected",
              "version": "20.9.9_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2.2"
            },
            {
              "status": "affected",
              "version": "20.18.2.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.4"
            },
            {
              "status": "affected",
              "version": "20.12.5.4_LI_ Images"
            },
            {
              "status": "affected",
              "version": "20.12.7.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.7.1"
            },
            {
              "status": "affected",
              "version": "20.15.5.1"
            },
            {
              "status": "affected",
              "version": "20.15.4.3"
            },
            {
              "status": "affected",
              "version": "20.15.4.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6.2"
            },
            {
              "status": "affected",
              "version": "20.15.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "26.1.1.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.4"
            },
            {
              "status": "affected",
              "version": "20.15.4.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "26.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.9.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.9.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "In June 2026, the Cisco PSIRT became aware of limited exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T16:21:09.696Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sdwan-arbfw-c2rZvQ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sdwan-arbfw-c2rZvQ",
        "defects": [
          "CSCwu18441"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20262",
    "datePublished": "2026-06-15T16:21:09.696Z",
    "dateReserved": "2025-10-08T11:59:15.402Z",
    "dateUpdated": "2026-06-17T03:55:46.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20258 (GCVE-0-2026-20258)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:22
VLAI?
Title
Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
CWE
  • CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.11 (custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom)
Affected: 10.1.2507 , < 10.1.2507.23 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
Credits
Tony Tong
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:22:19.768336Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:22:27.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.11",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.15",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.23",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tony Tong"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:23.870Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0608"
      },
      "title": "Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20258",
    "datePublished": "2026-06-10T17:16:23.870Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:22:27.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20253 (GCVE-0-2026-20253)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-19 03:55
VLAI?
Title
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
Summary
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
CWE
  • CWE-306 - The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Create a notification for this product.
Credits
Alex Hordijk (hordalex)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20253",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-06-18",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-19T03:55:19.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-18T00:00:00.000Z",
            "value": "CVE-2026-20253 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alex Hordijk (hordalex)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
            }
          ],
          "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T20:33:56.243Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0603"
      },
      "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20253",
    "datePublished": "2026-06-10T17:16:21.242Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-19T03:55:19.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20260 (GCVE-0-2026-20260)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
VLAI?
Title
Log Injection through HTTP Request Paths in Splunk SOAR
Summary
In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.
CWE
  • CWE-117 - The software does not neutralize or incorrectly neutralizes output that is written to logs.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk SOAR Affected: 8.5 , < 8.5.0 (custom)
Create a notification for this product.
Credits
STÖK / Fredrik Alexandersson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:23:06.757464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:23:13.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk SOAR",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "8.5.0",
              "status": "affected",
              "version": "8.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ST\u00d6K / Fredrik Alexandersson"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
            }
          ],
          "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:20.653Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0611"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0611"
      },
      "title": "Log Injection through HTTP Request Paths in Splunk SOAR"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20260",
    "datePublished": "2026-06-10T17:16:20.653Z",
    "dateReserved": "2025-10-08T11:59:15.402Z",
    "dateUpdated": "2026-06-10T18:23:13.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20252 (GCVE-0-2026-20252)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
VLAI?
Title
Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature. The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.
CWE
  • CWE-918 - The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.4.2604 , < 10.4.2604.3 (custom)
Affected: 10.3.2512 , < 10.3.2512.12 (custom)
Affected: 10.2.2510 , < 10.2.2510.14 (custom)
Affected: 10.1.2507 , < 10.1.2507.22 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
Credits
M Mahdan Argya Syarif (0xbeludan)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:23:29.592434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:23:36.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.4.2604.3",
              "status": "affected",
              "version": "10.4.2604",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.2512.12",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.14",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.22",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "M Mahdan Argya Syarif (0xbeludan)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:19.518Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0602"
      },
      "title": "Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20252",
    "datePublished": "2026-06-10T17:16:19.518Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:23:36.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20257 (GCVE-0-2026-20257)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:24
VLAI?
Title
Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it. The exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
CWE
  • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom)
Affected: 10.1.2507 , < 10.1.2507.23 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
Credits
Tony Tong (tongster)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:23:55.427272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:24:02.482Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.13",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.15",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.23",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tony Tong (tongster)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a classic dashboard that exfiltrates sensitive data from the browser of a higher-privileged user who views it.  \n\nThe exfiltration is possible because classic dashboard panels do not fully validate style attribute values, which can allow for requests to reach external domains outside the configured Trusted Domains List.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:03.885Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0607"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0607"
      },
      "title": "Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20257",
    "datePublished": "2026-06-10T17:16:03.885Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:24:02.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20259 (GCVE-0-2026-20259)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:24
VLAI?
Title
Improper Access Control in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control.
CWE
  • CWE-284 - The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.12 (custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom)
Affected: 10.1.2507 , < 10.1.2507.23 (custom)
Affected: 10.0.2503 , < 10.0.2503.14 (custom)
Affected: 9.3.2411 , < 9.3.2411.131 (custom)
Create a notification for this product.
Credits
Andres Perez, Splunk
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20259",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:24:17.180120Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:24:37.870Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.12",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.15",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.23",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.2503.14",
              "status": "affected",
              "version": "10.0.2503",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.131",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andres Perez, Splunk"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:02.256Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0609"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0609"
      },
      "title": "Improper Access Control in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20259",
    "datePublished": "2026-06-10T17:16:02.256Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:24:37.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20255 (GCVE-0-2026-20255)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:25
VLAI?
Title
Improper Input Validation through Classic Dashboards in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server. The vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard.
CWE
  • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom)
Affected: 10.1.2507 , < 10.1.2507.23 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
Credits
Tony Tong (tongster)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:25:06.072954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:25:12.492Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.13",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.15",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.23",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tony Tong (tongster)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server.  \n\nThe vulnerability exists because URL validation on the external content dialog is incomplete, which can allow for requests to untrusted domains when a user interacts with a crafted dashboard."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:00.962Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0605"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0605"
      },
      "title": "Improper Input Validation through Classic Dashboards in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20255",
    "datePublished": "2026-06-10T17:16:00.962Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:25:12.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20251 (GCVE-0-2026-20251)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-11 03:55
VLAI?
Title
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.<br><br>The Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the ‘jsonpickle’ Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation.
CWE
  • CWE-502 - The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.12 (custom)
Affected: 10.2.2510 , < 10.2.2510.14 (custom)
Affected: 10.1.2507 , < 10.1.2507.22 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
    Splunk Splunk Secure Gateway Affected: 3.10 , < 3.10.6 (custom)
Affected: 3.9 , < 3.9.20 (custom)
Affected: 3.8 , < 3.8.67 (custom)
Create a notification for this product.
Credits
M Mahdan Argya Syarif (0xbeludan)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T03:55:39.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.12",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.14",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.22",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Secure Gateway",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "3.10.6",
              "status": "affected",
              "version": "3.10",
              "versionType": "custom"
            },
            {
              "lessThan": "3.9.20",
              "status": "affected",
              "version": "3.9",
              "versionType": "custom"
            },
            {
              "lessThan": "3.8.67",
              "status": "affected",
              "version": "3.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "M Mahdan Argya Syarif (0xbeludan)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.\u003cbr\u003e\u003cbr\u003eThe Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the \u2018jsonpickle\u2019 Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, and Splunk Secure Gateway versions below 3.10.6, 3.9.20, and 3.8.67, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could perform a Remote Code Execution (RCE) through the Splunk Secure Gateway app.\u003cbr\u003e\u003cbr\u003eThe Remote Code Execution is possible because of unsafe deserialization of App Key Value Store (KV Store) data through the \u2018jsonpickle\u2019 Python library, which reconstructs arbitrary Python objects from specially crafted JavaScript Object Notation (JSON) without adequate validation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:16:00.352Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0601"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0601"
      },
      "title": "Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20251",
    "datePublished": "2026-06-10T17:16:00.352Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-11T03:55:39.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20254 (GCVE-0-2026-20254)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:27
VLAI?
Title
Information Disclosure through External Content Restriction Bypass in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.<br><br>The Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard.
CWE
  • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom)
Affected: 10.1.2507 , < 10.1.2507.23 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
Credits
Fredrik Alexandersson (stok)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20254",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:26:45.451095Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:27:01.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.13",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.15",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.23",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Fredrik Alexandersson (stok)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could craft a malicious classic dashboard that exfiltrates sensitive data to an external server when a higher-privileged user views it, bypassing the external content restriction through a Cascading Style Sheets (CSS) injection.\u003cbr\u003e\u003cbr\u003eThe Trusted Domains security check does not fully validate inline style attribute values, which can allow for outbound requests to untrusted domains and credential exfiltration when a victim views a crafted dashboard."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:15:59.452Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0604"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0604"
      },
      "title": "Information Disclosure through External Content Restriction Bypass in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20254",
    "datePublished": "2026-06-10T17:15:59.452Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:27:01.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20256 (GCVE-0-2026-20256)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:19
VLAI?
Title
Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.<br><br>The vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim.
CWE
  • CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Assigner
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
Affected: 10.0 , < 10.0.7 (custom)
Affected: 9.4 , < 9.4.12 (custom)
Affected: 9.3 , < 9.3.13 (custom)
Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.13 (custom)
Affected: 10.2.2510 , < 10.2.2510.15 (custom)
Affected: 10.1.2507 , < 10.1.2507.23 (custom)
Affected: 9.3.2411 , < 9.3.2411.132 (custom)
Create a notification for this product.
Credits
Tony Tong (tongster)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20256",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:18:59.939227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:19:26.044Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.4",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.7",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.12",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.13",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.3.2512.13",
              "status": "affected",
              "version": "10.3.2512",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2510.15",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.23",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.132",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tony Tong (tongster)"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.\u003cbr\u003e\u003cbr\u003eThe vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could cause data exfiltration through classic dashboards by redirecting a victim to an external site using a protocol-relative URL in a drill-down link.\u003cbr\u003e\u003cbr\u003eThe vulnerability exists because the URL classifier in classic dashboards only recognizes `http://` and `https://` schemes when checking for external URLs. Protocol-relative URLs such as `//attacker.com` bypass this check entirely, and Splunk Web does not show the external-navigation warning dialog to the victim."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:15:55.966Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0606"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0606"
      },
      "title": "Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20256",
    "datePublished": "2026-06-10T17:15:55.966Z",
    "dateReserved": "2025-10-08T11:59:15.401Z",
    "dateUpdated": "2026-06-10T18:19:26.044Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20245 (GCVE-0-2026-20245)

Vulnerability from cvelistv5 – Published: 2026-06-04 22:33 – Updated: 2026-06-12 21:18
VLAI?
Title
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
Summary
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.&nbsp; To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.
CWE
  • CWE-116 - Improper Encoding or Escaping of Output
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Catalyst SD-WAN Controller Affected: 20.6.4
Affected: 20.9.2
Affected: 20.3.6
Affected: 20.7.2
Affected: 20.7.1
Affected: 20.5.1
Affected: 20.6.2
Affected: 19.3.0
Affected: 20.6.1
Affected: 17.2.4
Affected: 18.2.0
Affected: 18.4.6
Affected: 19.1.0
Affected: 19.2.4
Affected: 19.2.929
Affected: 18.3.8
Affected: 18.4.303
Affected: 18.3.7
Affected: 18.4.1
Affected: 19.2.097
Affected: 19.2.0
Affected: 19.2.099
Affected: 18.3.6
Affected: 20.4.2
Affected: 19.0.0
Affected: 20.9.1
Affected: 20.3.5
Affected: 20.3.1
Affected: 18.3.5
Affected: 20.6.3
Affected: 18.4.3
Affected: 18.4.4
Affected: 18.3.3
Affected: 17.2.8
Affected: 20.8.1
Affected: 19.2.32
Affected: 19.2.2
Affected: 17.2.5
Affected: 18.4.0
Affected: 20.4.1.1
Affected: 20.1.3
Affected: 20.1.2
Affected: 17.2.10
Affected: 19.2.098
Affected: 20.1.1
Affected: 17.2.6
Affected: 19.2.1
Affected: 18.3.4
Affected: 20.4.1
Affected: 17.2.9
Affected: 19.2.31
Affected: 19.0.1a
Affected: 18.3.0
Affected: 17.2.7
Affected: 18.4.5
Affected: 20.3.4
Affected: 20.3.3
Affected: 20.4.1.2
Affected: 20.3.2
Affected: 18.3.1
Affected: 20.1.12
Affected: 19.2.3
Affected: 20.10.1
Affected: 20.6.5
Affected: 20.3.7
Affected: 20.9.3
Affected: 20.11.1
Affected: 20.6.3.2
Affected: 20.4.2.3
Affected: 20.3.5.1
Affected: 20.3.4.3
Affected: 20.9.3.1
Affected: 20.6.4.1
Affected: 20.3.3.2
Affected: 20.6.5.2
Affected: 20.3.7.1
Affected: 20.11.1.1
Affected: 20.10.1.1
Affected: 20.6.1.2
Affected: 20.1.3.1
Affected: 20.9.2.2
Affected: 20.6.5.3
Affected: 20.6.3.3
Affected: 20.3.7.2
Affected: 20.6.5.4
Affected: 20.9.2.3
Affected: 20.9.4
Affected: 20.12.1
Affected: 20.3.8
Affected: 20.6.6
Affected: 20.12.2
Affected: 20.13.1
Affected: 20.9.5
Affected: 20.12.3
Affected: 20.6.7
Affected: 20.9.5.1
Affected: 20.14.1
Affected: 20.12.3.1
Affected: 20.12.4
Affected: 20.15.1
Affected: 20.9.6
Affected: 20.6.8
Affected: 20.16.1
Affected: 20.9.5.3
Affected: 20.12.4.1
Affected: 20.15.2
Affected: 20.12.5
Affected: 20.9.7
Affected: 20.15.3
Affected: 20.12.5.1
Affected: 20.12.5.2
Affected: 20.15.4
Affected: 20.9.7.1
Affected: 20.18.1
Affected: 20.12.6
Affected: 20.9.8
Affected: 20.15.4.1
Affected: 20.18.2
Affected: 26.1.1
Affected: 20.15.4.2
Affected: 20.18.2.1
Affected: 20.12.5.3
Affected: 20.12.6.1
Affected: 20.9.8.2
Affected: 20.15.5
Affected: 20.18.3
Affected: 20.12.7
Affected: 20.9.9
Affected: 20.18.2.2
Affected: 20.12.5.4
Affected: 20.12.7.1
Affected: 20.15.5.1
Affected: 20.15.4.3
Affected: 20.12.6.2
Affected: 20.15.5.2
Affected: 20.15.4.4
Affected: 26.1.1.1
Affected: 20.9.9.1
Affected: 20.18.3.1
Affected: 26.1.1.2
Affected: 20.15.4.5
Affected: 20.15.5.3
Create a notification for this product.
    Cisco Cisco Catalyst SD-WAN Manager Affected: 20.1.12
Affected: 19.2.1
Affected: 18.4.4
Affected: 18.4.5
Affected: 20.1.1.1
Affected: 20.1.1
Affected: 19.3.0
Affected: 19.2.2
Affected: 19.2.099
Affected: 18.3.6
Affected: 18.3.7
Affected: 19.2.0
Affected: 18.3.8
Affected: 19.0.0
Affected: 19.1.0
Affected: 18.4.302
Affected: 18.4.303
Affected: 19.2.097
Affected: 19.2.098
Affected: 17.2.10
Affected: 18.3.6.1
Affected: 19.0.1a
Affected: 18.2.0
Affected: 18.4.3
Affected: 18.4.1
Affected: 17.2.8
Affected: 18.3.3.1
Affected: 18.4.0
Affected: 18.3.1
Affected: 17.2.6
Affected: 17.2.9
Affected: 18.3.4
Affected: 17.2.5
Affected: 18.3.1.1
Affected: 18.3.5
Affected: 18.4.0.1
Affected: 18.3.3
Affected: 17.2.7
Affected: 17.2.4
Affected: 18.3.0
Affected: 19.2.3
Affected: 18.4.501_ES
Affected: 20.3.1
Affected: 20.1.2
Affected: 19.2.929
Affected: 19.2.31
Affected: 20.3.2
Affected: 19.2.32
Affected: 20.3.2_925
Affected: 20.3.2.1
Affected: 20.3.2.1_927
Affected: 18.4.6
Affected: 20.1.2_937
Affected: 20.4.1
Affected: 20.3.2_928
Affected: 20.3.2_929
Affected: 20.4.1.0.1
Affected: 20.3.2.1_930
Affected: 19.2.4
Affected: 20.5.0.1.1
Affected: 20.4.1.1
Affected: 20.3.3
Affected: 19.2.4.0.1
Affected: 20.3.2_937
Affected: 20.3.3.1
Affected: 20.5.1
Affected: 20.1.3
Affected: 20.3.3.0.4
Affected: 20.3.3.1.2
Affected: 20.3.3.1.1
Affected: 20.4.1.2
Affected: 20.3.3.0.2
Affected: 20.4.1.1.5
Affected: 20.4.1.0.01
Affected: 20.4.1.0.02
Affected: 20.3.3.1.7
Affected: 20.3.3.1.5
Affected: 20.5.1.0.1
Affected: 20.3.3.1.10
Affected: 20.3.3.0.8
Affected: 20.4.2
Affected: 20.4.2.0.1
Affected: 20.3.4
Affected: 20.3.3.0.14
Affected: 19.2.4.0.8
Affected: 19.2.4.0.9
Affected: 20.3.4.0.1
Affected: 20.3.2.0.5
Affected: 20.6.1
Affected: 20.5.1.0.2
Affected: 20.3.3.0.17
Affected: 20.6.1.1
Affected: 20.6.0.18.3
Affected: 20.3.2.0.6
Affected: 20.6.0.18.4
Affected: 20.4.2.0.2
Affected: 20.3.3.0.16
Affected: 20.3.4.0.5
Affected: 20.6.1.0.1
Affected: 20.3.4.0.6
Affected: 20.6.2
Affected: 20.7.1EFT2
Affected: 20.3.4.0.9
Affected: 20.3.4.0.11
Affected: 20.4.2.0.4
Affected: 20.3.3.0.18
Affected: 20.7.1
Affected: 20.6.2.1
Affected: 20.3.4.1
Affected: 20.5.1.1
Affected: 20.4.2.1
Affected: 20.4.2.1.1
Affected: 20.3.4.1.1
Affected: 20.3.813
Affected: 20.3.4.0.19
Affected: 20.4.2.2.1
Affected: 20.5.1.2
Affected: 20.3.4.2
Affected: 20.3.814
Affected: 20.4.2.2
Affected: 20.6.2.2
Affected: 20.3.4.2.1
Affected: 20.7.1.1
Affected: 20.3.4.1.2
Affected: 20.6.2.2.2
Affected: 20.3.4.0.20
Affected: 20.6.2.2.3
Affected: 20.4.2.2.2
Affected: 20.3.5
Affected: 20.6.2.0.4
Affected: 20.4.2.2.3
Affected: 20.3.4.0.24
Affected: 20.6.2.2.7
Affected: 20.6.3
Affected: 20.3.4.2.2
Affected: 20.4.2.2.4
Affected: 20.7.1.0.2
Affected: 20.8.1
Affected: 20.3.5.0.8
Affected: 20.3.5.0.9
Affected: 20.4.2.2.8
Affected: 20.3.5.0.7
Affected: 20.6.3.0.7
Affected: 20.6.3.0.5
Affected: 20.6.3.0.10
Affected: 20.6.3.0.2
Affected: 20.7.2
Affected: 20.9.1EFT2
Affected: 20.6.3.0.11
Affected: 20.6.3.1
Affected: 20.6.3.0.14
Affected: 20.6.4
Affected: 20.9.1
Affected: 20.6.3.0.19
Affected: 20.6.3.0.18
Affected: 20.3.6
Affected: 20.9.1.1
Affected: 20.6.3.0.23
Affected: 20.6.4.0.4
Affected: 20.6.3.0.25
Affected: 20.6.5
Affected: 20.6.3.0.27
Affected: 20.9.2
Affected: 20.9.2.1
Affected: 20.6.3.0.29
Affected: 20.6.3.0.31
Affected: 20.6.3.0.32
Affected: 20.10.1
Affected: 20.6.3.0.33
Affected: 20.9.2.0.01
Affected: 20.9.1_LI_Images
Affected: 20.10.1_LI_Images
Affected: 20.9.2_LI_Images
Affected: 20.3.7
Affected: 20.9.3
Affected: 20.6.5.1
Affected: 20.11.1
Affected: 20.11.1_LI_Images
Affected: 20.9.3_LI_ Images
Affected: 20.6.3.1.1
Affected: 20.9.3.0.2
Affected: 20.6.5.1.2
Affected: 20.9.3.0.3
Affected: 20.4.2.3
Affected: 20.6.3.2
Affected: 20.6.4.1
Affected: 20.6.3.0.38
Affected: 20.6.3.0.39
Affected: 20.3.5.1
Affected: 20.3.4.3
Affected: 20.9.3.1
Affected: 20.3.3.2
Affected: 20.6.5.2
Affected: 20.3.7.1
Affected: 20.10.1.1
Affected: 20.6.5.2.1
Affected: 20.3.4.0.25
Affected: 20.6.2.2.4
Affected: 20.6.1.2
Affected: 20.11.1.1
Affected: 20.9.3.0.5
Affected: 20.3.4.0.26
Affected: 20.6.5.1.3
Affected: 20.6.3.0.40
Affected: 20.1.3.1
Affected: 20.9.2.2
Affected: 20.6.5.2.3
Affected: 20.6.5.1.4
Affected: 20.6.5.3
Affected: 20.6.3.0.41
Affected: 20.9.3.0.7
Affected: 20.6.5.1.5
Affected: 20.9.3.0.4
Affected: 20.6.4.0.19
Affected: 20.6.5.1.6
Affected: 20.9.3.0.8
Affected: 20.6.3.3
Affected: 20.3.7.2
Affected: 20.6.5.4
Affected: 20.6.5.1.7
Affected: 20.9.3.0.12
Affected: 20.6.4.2
Affected: 20.6.5.5
Affected: 20.9.3.2
Affected: 20.11.1.2
Affected: 20.6.3.4
Affected: 20.10.1.2
Affected: 20.6.5.1.9
Affected: 20.9.3.0.16
Affected: 20.6.3.0.45
Affected: 20.6.5.1.10
Affected: 20.9.3.0.17
Affected: 20.6.5.2.4
Affected: 20.6.4.0.21
Affected: 20.9.3.0.18
Affected: 20.6.3.0.46
Affected: 20.6.3.0.47
Affected: 20.9.2.3
Affected: 20.9.3.2_LI_Images
Affected: 20.9.3.0.21
Affected: 20.9.3.0.20
Affected: 20.9.4_LI_Images
Affected: 20.9.4
Affected: 20.6.5.1.11
Affected: 20.12.1
Affected: 20.12.1_LI_Images
Affected: 20.6.5.1.13
Affected: 20.9.3.0.23
Affected: 20.6.5.2.8
Affected: 20.9.4.1
Affected: 20.9.4.1_LI_Images
Affected: 20.9.3.0.25
Affected: 20.9.3.0.24
Affected: 20.6.5.1.14
Affected: 20.3.8
Affected: 20.6.6
Affected: 20.9.3.0.26
Affected: 20.6.3.0.51
Affected: 20.9.3.0.29
Affected: 20.12.2
Affected: 20.12.2_LI_Images
Affected: 20.6.6.0.1
Affected: 20.13.1_LI_Images
Affected: 20.9.4.0.4
Affected: 20.13.1
Affected: 20.9.4.1.1
Affected: 20.9.5
Affected: 20.9.5_LI_Images
Affected: 20.12.3_LI_Images
Affected: 20.12.3
Affected: 20.9.4.1.3
Affected: 20.6.7
Affected: 20.9.5.1
Affected: 20.9.5.1_LI_Images
Affected: 20.9.4.1.6
Affected: 20.14.1
Affected: 20.14.1_LI_Images
Affected: 20.9.5.2
Affected: 20.9.5.2.1
Affected: 20.9.5.2_LI_Images
Affected: 20.12.3.1
Affected: 20.12.4
Affected: 20.15.1_LI_Images
Affected: 20.15.1
Affected: 20.9.5.1.4
Affected: 20.9.5.2.7
Affected: 20.9.5.2.13
Affected: 20.9.6
Affected: 20.9.6_LI_Images
Affected: 20.9.5.2.14
Affected: 20.6.8
Affected: 20.12.4.0.03
Affected: 20.16.1
Affected: 20.16.1_LI_Images
Affected: 20.12.4_LI_Images
Affected: 20.9.5.2.16
Affected: 20.12.4.0.4
Affected: 20.12.401
Affected: 20.9.5.3
Affected: 20.9.5.3_LI_Images
Affected: 20.12.4.1_LI_Images
Affected: 20.12.4.1
Affected: 20.9.5.2.21
Affected: 20.9.6.0.3
Affected: 20.12.4.0.6
Affected: 20.15.2_LI_Images
Affected: 20.15.2
Affected: 20.12.4_Monthly_ES5
Affected: 20.12.5
Affected: 20.12.5_LI_Images
Affected: 20.9.7_LI _Images
Affected: 20.9.7
Affected: 20.15.3
Affected: 20.15.3_ LI _Images
Affected: 20.12.501
Affected: 20.12.5.1_LI_Images
Affected: 20.12.5.1
Affected: 20.12.5.2_LI_Images
Affected: 20.12.5.2
Affected: 20.15.3.1
Affected: 20.15.4_LI_Images
Affected: 20.15.4
Affected: 20.9.7.1_LI _Images
Affected: 20.9.7.1
Affected: 20.18.1
Affected: 20.18.1_LI_Images
Affected: 20.12.6_LI_Images
Affected: 20.12.6
Affected: 20.12.5.1.01
Affected: 26.0.1
Affected: 20.9.8
Affected: 20.9.8_LI_Images
Affected: 20.18.2
Affected: 20.15.4.1_LI_Images
Affected: 20.15.4.1
Affected: 20.18.2_LI_Images
Affected: 26.1.1
Affected: 26.1.1_LI_Images
Affected: 20.18.2.1_LI_Images
Affected: 20.18.2.1
Affected: 20.15.4.2_LI_Images
Affected: 20.15.4.2
Affected: 20.12.6.1
Affected: 20.12.6.1_LI_Images
Affected: 20.12.5.3
Affected: 20.12.5.3_LI_Images
Affected: 20.9.8.2_LI_Images
Affected: 20.9.8.2
Affected: 20.18.3
Affected: 20.18.3_LI_Images
Affected: 20.15.5
Affected: 20.15.5_LI_Images
Affected: 20.12.7
Affected: 20.12.7_LI_Images
Affected: 20.9.9
Affected: 20.9.9_LI_Images
Affected: 20.18.2.2
Affected: 20.18.2.2_LI_Images
Affected: 20.12.5.4
Affected: 20.12.5.4_LI_ Images
Affected: 20.12.7.1_LI_Images
Affected: 20.12.6.2_LI_Images
Affected: 20.12.7.1
Affected: 20.15.5.1
Affected: 20.15.4.3
Affected: 20.15.4.3_LI_Images
Affected: 20.15.5.1_LI_Images
Affected: 20.12.6.2
Affected: 20.15.5.2
Affected: 20.15.5.2_LI_Images
Affected: 26.1.1.1_LI_Images
Affected: 20.15.4.4
Affected: 20.15.4.4_LI_Images
Affected: 26.1.1.1
Affected: 20.9.9.1_LI_Images
Affected: 20.9.9.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20245",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-06-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20245"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:55:26.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20245"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-09T00:00:00.000Z",
            "value": "CVE-2026-20245 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Controller",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.6.4"
            },
            {
              "status": "affected",
              "version": "20.9.2"
            },
            {
              "status": "affected",
              "version": "20.3.6"
            },
            {
              "status": "affected",
              "version": "20.7.2"
            },
            {
              "status": "affected",
              "version": "20.7.1"
            },
            {
              "status": "affected",
              "version": "20.5.1"
            },
            {
              "status": "affected",
              "version": "20.6.2"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "20.6.1"
            },
            {
              "status": "affected",
              "version": "17.2.4"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.6"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "19.2.4"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "20.4.2"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "20.9.1"
            },
            {
              "status": "affected",
              "version": "20.3.5"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "20.6.3"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "20.8.1"
            },
            {
              "status": "affected",
              "version": "19.2.32"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "20.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.3"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "20.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.3"
            },
            {
              "status": "affected",
              "version": "20.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.2"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "20.10.1"
            },
            {
              "status": "affected",
              "version": "20.6.5"
            },
            {
              "status": "affected",
              "version": "20.3.7"
            },
            {
              "status": "affected",
              "version": "20.9.3"
            },
            {
              "status": "affected",
              "version": "20.11.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.3"
            },
            {
              "status": "affected",
              "version": "20.3.5.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.1"
            },
            {
              "status": "affected",
              "version": "20.6.4.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2"
            },
            {
              "status": "affected",
              "version": "20.3.7.1"
            },
            {
              "status": "affected",
              "version": "20.11.1.1"
            },
            {
              "status": "affected",
              "version": "20.10.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.1.2"
            },
            {
              "status": "affected",
              "version": "20.1.3.1"
            },
            {
              "status": "affected",
              "version": "20.9.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.3"
            },
            {
              "status": "affected",
              "version": "20.3.7.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.4"
            },
            {
              "status": "affected",
              "version": "20.9.2.3"
            },
            {
              "status": "affected",
              "version": "20.9.4"
            },
            {
              "status": "affected",
              "version": "20.12.1"
            },
            {
              "status": "affected",
              "version": "20.3.8"
            },
            {
              "status": "affected",
              "version": "20.6.6"
            },
            {
              "status": "affected",
              "version": "20.12.2"
            },
            {
              "status": "affected",
              "version": "20.13.1"
            },
            {
              "status": "affected",
              "version": "20.9.5"
            },
            {
              "status": "affected",
              "version": "20.12.3"
            },
            {
              "status": "affected",
              "version": "20.6.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.1"
            },
            {
              "status": "affected",
              "version": "20.14.1"
            },
            {
              "status": "affected",
              "version": "20.12.3.1"
            },
            {
              "status": "affected",
              "version": "20.12.4"
            },
            {
              "status": "affected",
              "version": "20.15.1"
            },
            {
              "status": "affected",
              "version": "20.9.6"
            },
            {
              "status": "affected",
              "version": "20.6.8"
            },
            {
              "status": "affected",
              "version": "20.16.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.3"
            },
            {
              "status": "affected",
              "version": "20.12.4.1"
            },
            {
              "status": "affected",
              "version": "20.15.2"
            },
            {
              "status": "affected",
              "version": "20.12.5"
            },
            {
              "status": "affected",
              "version": "20.9.7"
            },
            {
              "status": "affected",
              "version": "20.15.3"
            },
            {
              "status": "affected",
              "version": "20.12.5.1"
            },
            {
              "status": "affected",
              "version": "20.12.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.4"
            },
            {
              "status": "affected",
              "version": "20.9.7.1"
            },
            {
              "status": "affected",
              "version": "20.18.1"
            },
            {
              "status": "affected",
              "version": "20.12.6"
            },
            {
              "status": "affected",
              "version": "20.9.8"
            },
            {
              "status": "affected",
              "version": "20.15.4.1"
            },
            {
              "status": "affected",
              "version": "20.18.2"
            },
            {
              "status": "affected",
              "version": "26.1.1"
            },
            {
              "status": "affected",
              "version": "20.15.4.2"
            },
            {
              "status": "affected",
              "version": "20.18.2.1"
            },
            {
              "status": "affected",
              "version": "20.12.5.3"
            },
            {
              "status": "affected",
              "version": "20.12.6.1"
            },
            {
              "status": "affected",
              "version": "20.9.8.2"
            },
            {
              "status": "affected",
              "version": "20.15.5"
            },
            {
              "status": "affected",
              "version": "20.18.3"
            },
            {
              "status": "affected",
              "version": "20.12.7"
            },
            {
              "status": "affected",
              "version": "20.9.9"
            },
            {
              "status": "affected",
              "version": "20.18.2.2"
            },
            {
              "status": "affected",
              "version": "20.12.5.4"
            },
            {
              "status": "affected",
              "version": "20.12.7.1"
            },
            {
              "status": "affected",
              "version": "20.15.5.1"
            },
            {
              "status": "affected",
              "version": "20.15.4.3"
            },
            {
              "status": "affected",
              "version": "20.12.6.2"
            },
            {
              "status": "affected",
              "version": "20.15.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.4.4"
            },
            {
              "status": "affected",
              "version": "26.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.9.1"
            },
            {
              "status": "affected",
              "version": "20.18.3.1"
            },
            {
              "status": "affected",
              "version": "26.1.1.2"
            },
            {
              "status": "affected",
              "version": "20.15.4.5"
            },
            {
              "status": "affected",
              "version": "20.15.5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "18.4.302"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "18.3.6.1"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "18.3.3.1"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.3.1.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "18.4.0.1"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "17.2.4"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "18.4.501_ES"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            },
            {
              "status": "affected",
              "version": "20.3.2"
            },
            {
              "status": "affected",
              "version": "19.2.32"
            },
            {
              "status": "affected",
              "version": "20.3.2_925"
            },
            {
              "status": "affected",
              "version": "20.3.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_927"
            },
            {
              "status": "affected",
              "version": "18.4.6"
            },
            {
              "status": "affected",
              "version": "20.1.2_937"
            },
            {
              "status": "affected",
              "version": "20.4.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_928"
            },
            {
              "status": "affected",
              "version": "20.3.2_929"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_930"
            },
            {
              "status": "affected",
              "version": "19.2.4"
            },
            {
              "status": "affected",
              "version": "20.5.0.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.3"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_937"
            },
            {
              "status": "affected",
              "version": "20.3.3.1"
            },
            {
              "status": "affected",
              "version": "20.5.1"
            },
            {
              "status": "affected",
              "version": "20.1.3"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.4.1.1.5"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.01"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.02"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.7"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.5"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.10"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.4.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.14"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.8"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.3"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.2"
            },
            {
              "status": "affected",
              "version": "20.7.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.11"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.7.1"
            },
            {
              "status": "affected",
              "version": "20.6.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.813"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2"
            },
            {
              "status": "affected",
              "version": "20.3.814"
            },
            {
              "status": "affected",
              "version": "20.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.7.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.20"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.5"
            },
            {
              "status": "affected",
              "version": "20.6.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.7"
            },
            {
              "status": "affected",
              "version": "20.6.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.7.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.8.1"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.9"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.10"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.7.2"
            },
            {
              "status": "affected",
              "version": "20.9.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.11"
            },
            {
              "status": "affected",
              "version": "20.6.3.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.14"
            },
            {
              "status": "affected",
              "version": "20.6.4"
            },
            {
              "status": "affected",
              "version": "20.9.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.3.6"
            },
            {
              "status": "affected",
              "version": "20.9.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.27"
            },
            {
              "status": "affected",
              "version": "20.9.2"
            },
            {
              "status": "affected",
              "version": "20.9.2.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.31"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.32"
            },
            {
              "status": "affected",
              "version": "20.10.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.33"
            },
            {
              "status": "affected",
              "version": "20.9.2.0.01"
            },
            {
              "status": "affected",
              "version": "20.9.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.10.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.3.7"
            },
            {
              "status": "affected",
              "version": "20.9.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1"
            },
            {
              "status": "affected",
              "version": "20.11.1"
            },
            {
              "status": "affected",
              "version": "20.11.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3_LI_ Images"
            },
            {
              "status": "affected",
              "version": "20.6.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.4.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.38"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.39"
            },
            {
              "status": "affected",
              "version": "20.3.5.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2"
            },
            {
              "status": "affected",
              "version": "20.3.7.1"
            },
            {
              "status": "affected",
              "version": "20.10.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.1.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.40"
            },
            {
              "status": "affected",
              "version": "20.1.3.1"
            },
            {
              "status": "affected",
              "version": "20.9.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.41"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.6.3.3"
            },
            {
              "status": "affected",
              "version": "20.3.7.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.7"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.12"
            },
            {
              "status": "affected",
              "version": "20.6.4.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.3.4"
            },
            {
              "status": "affected",
              "version": "20.10.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.9"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.45"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.10"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.46"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.47"
            },
            {
              "status": "affected",
              "version": "20.9.2.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.20"
            },
            {
              "status": "affected",
              "version": "20.9.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.11"
            },
            {
              "status": "affected",
              "version": "20.12.1"
            },
            {
              "status": "affected",
              "version": "20.12.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.13"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.8"
            },
            {
              "status": "affected",
              "version": "20.9.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.14"
            },
            {
              "status": "affected",
              "version": "20.3.8"
            },
            {
              "status": "affected",
              "version": "20.6.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.51"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.12.2"
            },
            {
              "status": "affected",
              "version": "20.12.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.6.0.1"
            },
            {
              "status": "affected",
              "version": "20.13.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.13.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.5"
            },
            {
              "status": "affected",
              "version": "20.9.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.6"
            },
            {
              "status": "affected",
              "version": "20.14.1"
            },
            {
              "status": "affected",
              "version": "20.14.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3.1"
            },
            {
              "status": "affected",
              "version": "20.12.4"
            },
            {
              "status": "affected",
              "version": "20.15.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.13"
            },
            {
              "status": "affected",
              "version": "20.9.6"
            },
            {
              "status": "affected",
              "version": "20.9.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.14"
            },
            {
              "status": "affected",
              "version": "20.6.8"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.03"
            },
            {
              "status": "affected",
              "version": "20.16.1"
            },
            {
              "status": "affected",
              "version": "20.16.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.16"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.12.401"
            },
            {
              "status": "affected",
              "version": "20.9.5.3"
            },
            {
              "status": "affected",
              "version": "20.9.5.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.21"
            },
            {
              "status": "affected",
              "version": "20.9.6.0.3"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.15.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.2"
            },
            {
              "status": "affected",
              "version": "20.12.4_Monthly_ES5"
            },
            {
              "status": "affected",
              "version": "20.12.5"
            },
            {
              "status": "affected",
              "version": "20.12.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.7_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7"
            },
            {
              "status": "affected",
              "version": "20.15.3"
            },
            {
              "status": "affected",
              "version": "20.15.3_ LI _Images"
            },
            {
              "status": "affected",
              "version": "20.12.501"
            },
            {
              "status": "affected",
              "version": "20.12.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.1"
            },
            {
              "status": "affected",
              "version": "20.12.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.3.1"
            },
            {
              "status": "affected",
              "version": "20.15.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4"
            },
            {
              "status": "affected",
              "version": "20.9.7.1_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7.1"
            },
            {
              "status": "affected",
              "version": "20.18.1"
            },
            {
              "status": "affected",
              "version": "20.18.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6"
            },
            {
              "status": "affected",
              "version": "20.12.5.1.01"
            },
            {
              "status": "affected",
              "version": "26.0.1"
            },
            {
              "status": "affected",
              "version": "20.9.8"
            },
            {
              "status": "affected",
              "version": "20.9.8_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2"
            },
            {
              "status": "affected",
              "version": "20.15.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.1"
            },
            {
              "status": "affected",
              "version": "20.18.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "26.1.1"
            },
            {
              "status": "affected",
              "version": "26.1.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2.1"
            },
            {
              "status": "affected",
              "version": "20.15.4.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.2"
            },
            {
              "status": "affected",
              "version": "20.12.6.1"
            },
            {
              "status": "affected",
              "version": "20.12.6.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.3"
            },
            {
              "status": "affected",
              "version": "20.12.5.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.8.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.8.2"
            },
            {
              "status": "affected",
              "version": "20.18.3"
            },
            {
              "status": "affected",
              "version": "20.18.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.5"
            },
            {
              "status": "affected",
              "version": "20.15.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.7"
            },
            {
              "status": "affected",
              "version": "20.12.7_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.9"
            },
            {
              "status": "affected",
              "version": "20.9.9_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2.2"
            },
            {
              "status": "affected",
              "version": "20.18.2.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.4"
            },
            {
              "status": "affected",
              "version": "20.12.5.4_LI_ Images"
            },
            {
              "status": "affected",
              "version": "20.12.7.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.7.1"
            },
            {
              "status": "affected",
              "version": "20.15.5.1"
            },
            {
              "status": "affected",
              "version": "20.15.4.3"
            },
            {
              "status": "affected",
              "version": "20.15.4.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6.2"
            },
            {
              "status": "affected",
              "version": "20.15.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "26.1.1.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.4"
            },
            {
              "status": "affected",
              "version": "20.15.4.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "26.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.9.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.9.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.\u0026nbsp;\r\nTo exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of  or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices.\r\nCisco recommends that customers upgrade to the fixed software that is documented in the  that was published on May 14, 2026, and verify the configuration of the edge devices."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "In June 2026, the Cisco PSIRT became aware of exploitation of this vulnerability.\r\n\r\nTo exploit this vulnerability, an attacker must have\u00a0netadmin privileges on an affected system. This would require valid credentials or exploitation of  or . Cisco is not aware of successful exploitation by other methods."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T21:18:19.941Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sdwan-privesc-4uxFrdzx",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzx"
        },
        {
          "name": "CVE-2026-20182\u003c/a\u003e or \u003ca href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk\" target=\"_blank\" rel=\"noopener\"\u003eCVE-2026-20127",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sdwan-privesc-4uxFrdzx",
        "defects": [
          "CSCwu18563"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20245",
    "datePublished": "2026-06-04T22:33:00.748Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-06-12T21:18:19.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20230 (GCVE-0-2026-20230)

Vulnerability from cvelistv5 – Published: 2026-06-03 16:09 – Updated: 2026-07-01 16:28
VLAI?
Title
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
Summary
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Affected: 14
Affected: 14SU1
Affected: 14SU2
Affected: 14SU3
Affected: 15
Affected: 15SU1
Affected: 14SU4
Affected: 14SU4a
Affected: 15SU1a
Affected: 15SU2
Affected: 15.0.1.13010-1
Affected: 15.0.1.13011-1
Affected: 15.0.1.13012-1
Affected: 15.0.1.13013-1
Affected: 15.0.1.13014-1
Affected: 15.0.1.13015-1
Affected: 15.0.1.13016-1
Affected: 15.0.1.13017-1
Affected: 15SU3a
Affected: 14SU5
Affected: 15SU4
Affected: 15SU4a
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20230",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T03:55:19.730Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://denizhalil.com/2026/06/12/cve-2026-20230-cisco-unified-cm-ssrf/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20230"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "14SU4a"
            },
            {
              "status": "affected",
              "version": "15SU1a"
            },
            {
              "status": "affected",
              "version": "15SU2"
            },
            {
              "status": "affected",
              "version": "15.0.1.13010-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13011-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13012-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13013-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13014-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13015-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13016-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13017-1"
            },
            {
              "status": "affected",
              "version": "15SU3a"
            },
            {
              "status": "affected",
              "version": "14SU5"
            },
            {
              "status": "affected",
              "version": "15SU4"
            },
            {
              "status": "affected",
              "version": "15SU4a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.\r\nNote: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nIn June 2026, the Cisco PSIRT became aware of active exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T16:28:16.838Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cucm-ssrf-cXPnHcW",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-ssrf-cXPnHcW",
        "defects": [
          "CSCws67331"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20230",
    "datePublished": "2026-06-03T16:09:45.961Z",
    "dateReserved": "2025-10-08T11:59:15.399Z",
    "dateUpdated": "2026-07-01T16:28:16.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20175 (GCVE-0-2026-20175)

Vulnerability from cvelistv5 – Published: 2026-06-03 16:06 – Updated: 2026-06-03 17:46
VLAI?
Title
Cisco Finesse File Inclusion Vulnerability
Summary
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
CWE
  • CWE-73 - External Control of File Name or Path
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
Affected: 10.5(1)ES4
Affected: 11.6(1)ES3
Affected: 11.0(1)ES2
Affected: 12.0(1)ES2
Affected: 10.5(1)ES3
Affected: 11.0(1)
Affected: 11.6(1)FIPS
Affected: 11.6(1)ES4
Affected: 11.0(1)ES3
Affected: 10.5(1)ES6
Affected: 11.0(1)ES7
Affected: 11.5(1)ES4
Affected: 10.5(1)ES8
Affected: 11.5(1)
Affected: 11.6(1)
Affected: 10.5(1)ES10
Affected: 11.6(1)ES2
Affected: 11.6(1)ES
Affected: 11.0(1)ES6
Affected: 11.0(1)ES4
Affected: 12.0(1)
Affected: 11.6(1)ES7
Affected: 10.5(1)ES7
Affected: 11.6(1)ES8
Affected: 11.5(1)ES1
Affected: 11.6(1)ES1
Affected: 11.5(1)ES5
Affected: 11.0(1)ES1
Affected: 10.5(1)
Affected: 11.6(1)ES6
Affected: 10.5(1)ES2
Affected: 12.0(1)ES1
Affected: 11.0(1)ES5
Affected: 10.5(1)ES5
Affected: 11.5(1)ES3
Affected: 11.5(1)ES2
Affected: 10.5(1)ES9
Affected: 11.6(1)ES5
Affected: 11.6(1)ES9
Affected: 11.5(1)ES6
Affected: 10.5(1)ES1
Affected: 12.5(1)
Affected: 12.0(1)ES3
Affected: 11.6(1)ES10
Affected: 12.5(1)ES1
Affected: 12.5(1)ES2
Affected: 12.0(1)ES4
Affected: 12.5(1)ES3
Affected: 12.0(1)ES5
Affected: 12.5(1)ES4
Affected: 12.0(1)ES6
Affected: 12.5(1)ES5
Affected: 12.5(1)ES6
Affected: 12.0(1)ES7
Affected: 12.6(1)
Affected: 12.5(1)ES7
Affected: 11.6(1)ES11
Affected: 12.6(1)ES1
Affected: 12.0(1)ES8
Affected: 12.5(1)ES8
Affected: 12.6(1)ES2
Affected: 12.6(1)ES3
Affected: 12.6(1)ES4
Affected: 12.6(1)ES5
Affected: 12.5(2)
Affected: 12.5(1)_SU
Affected: 12.5(1)SU
Affected: 12.6(1)ES6
Affected: 12.5(1)SU ES1
Affected: 12.6(1)ES7
Affected: 12.6(1)ES7_ET
Affected: 12.6(2)
Affected: 12.6(1)ES8
Affected: 12.6(1)ES9
Affected: 12.6(2)ES1
Affected: 12.6(1)ES10
Affected: 12.5(1)SU ES2
Affected: 12.6(1)ES11
Affected: 12.6(2)ES2
Affected: 12.6(2)ES3
Affected: 12.5(1)SU ES3
Affected: 12.6(2)ES4
Affected: 12.6(2)ES5
Affected: 15.0(1)
Affected: 12.6(2)ES6
Affected: 15.0(1)ES202508
Affected: 15.0(1)ES202511
Affected: 15.0(1)ES202602
Affected: 15.0(1)SU1
Affected: 12.6(2)ES7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20175",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T17:45:48.882718Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T17:46:00.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Finesse",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)ES_Rollback"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)FIPS"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES10"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES3"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES5"
            },
            {
              "status": "affected",
              "version": "15.0(1)"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES6"
            },
            {
              "status": "affected",
              "version": "15.0(1)ES202508"
            },
            {
              "status": "affected",
              "version": "15.0(1)ES202511"
            },
            {
              "status": "affected",
              "version": "15.0(1)ES202602"
            },
            {
              "status": "affected",
              "version": "15.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "External Control of File Name or Path",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T16:06:15.233Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-finesse-rfi-gwpkdc89",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89"
        }
      ],
      "source": {
        "advisory": "cisco-sa-finesse-rfi-gwpkdc89",
        "defects": [
          "CSCws76655"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Finesse File Inclusion Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20175",
    "datePublished": "2026-06-03T16:06:15.233Z",
    "dateReserved": "2025-10-08T11:59:15.392Z",
    "dateUpdated": "2026-06-03T17:46:00.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20233 (GCVE-0-2026-20233)

Vulnerability from cvelistv5 – Published: 2026-06-03 16:06 – Updated: 2026-06-03 17:49
VLAI?
Title
Cisco Webex Meetings Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Webex Meetings Affected: 39.7.7
Affected: 39.9
Affected: 40.4.10
Affected: 39.6
Affected: 40.6.2
Affected: 39.8.2
Affected: 39.8.4
Affected: 40.1
Affected: 39.11
Affected: 39.7.4
Affected: 39.9.1
Affected: 40.4
Affected: 40.6
Affected: 39.7
Affected: 39.8
Affected: 39.8.3
Affected: 40.2
Affected: 39.10
Affected: 42.6
Affected: 42.7
Affected: 42.8
Affected: 42.9
Affected: 42.10
Affected: 42.11
Affected: 42.12
Affected: 43.1
Affected: 43.2
Affected: 43.3
Affected: 43.4
Affected: 43.4.1
Affected: 43.4.2
Affected: 43.5.0
Affected: 43.6.0
Affected: 43.6.1
Affected: 43.7
Affected: 43.8
Affected: 43.9
Affected: 43.10
Affected: 43.11
Affected: 43.12
Affected: 44.1
Affected: 44.2
Affected: 44.3
Affected: 44.4
Affected: 44.5
Affected: 44.6
Affected: 44.7
Affected: 44.8
Affected: 44.9
Affected: 44.10
Affected: 44.11
Affected: 44.12
Affected: 45.1
Affected: 45.2
Affected: 45.3
Affected: 45.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20233",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-03T17:46:57.004996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-03T17:49:49.471Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Webex Meetings",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "39.7.7"
            },
            {
              "status": "affected",
              "version": "39.9"
            },
            {
              "status": "affected",
              "version": "40.4.10"
            },
            {
              "status": "affected",
              "version": "39.6"
            },
            {
              "status": "affected",
              "version": "40.6.2"
            },
            {
              "status": "affected",
              "version": "39.8.2"
            },
            {
              "status": "affected",
              "version": "39.8.4"
            },
            {
              "status": "affected",
              "version": "40.1"
            },
            {
              "status": "affected",
              "version": "39.11"
            },
            {
              "status": "affected",
              "version": "39.7.4"
            },
            {
              "status": "affected",
              "version": "39.9.1"
            },
            {
              "status": "affected",
              "version": "40.4"
            },
            {
              "status": "affected",
              "version": "40.6"
            },
            {
              "status": "affected",
              "version": "39.7"
            },
            {
              "status": "affected",
              "version": "39.8"
            },
            {
              "status": "affected",
              "version": "39.8.3"
            },
            {
              "status": "affected",
              "version": "40.2"
            },
            {
              "status": "affected",
              "version": "39.10"
            },
            {
              "status": "affected",
              "version": "42.6"
            },
            {
              "status": "affected",
              "version": "42.7"
            },
            {
              "status": "affected",
              "version": "42.8"
            },
            {
              "status": "affected",
              "version": "42.9"
            },
            {
              "status": "affected",
              "version": "42.10"
            },
            {
              "status": "affected",
              "version": "42.11"
            },
            {
              "status": "affected",
              "version": "42.12"
            },
            {
              "status": "affected",
              "version": "43.1"
            },
            {
              "status": "affected",
              "version": "43.2"
            },
            {
              "status": "affected",
              "version": "43.3"
            },
            {
              "status": "affected",
              "version": "43.4"
            },
            {
              "status": "affected",
              "version": "43.4.1"
            },
            {
              "status": "affected",
              "version": "43.4.2"
            },
            {
              "status": "affected",
              "version": "43.5.0"
            },
            {
              "status": "affected",
              "version": "43.6.0"
            },
            {
              "status": "affected",
              "version": "43.6.1"
            },
            {
              "status": "affected",
              "version": "43.7"
            },
            {
              "status": "affected",
              "version": "43.8"
            },
            {
              "status": "affected",
              "version": "43.9"
            },
            {
              "status": "affected",
              "version": "43.10"
            },
            {
              "status": "affected",
              "version": "43.11"
            },
            {
              "status": "affected",
              "version": "43.12"
            },
            {
              "status": "affected",
              "version": "44.1"
            },
            {
              "status": "affected",
              "version": "44.2"
            },
            {
              "status": "affected",
              "version": "44.3"
            },
            {
              "status": "affected",
              "version": "44.4"
            },
            {
              "status": "affected",
              "version": "44.5"
            },
            {
              "status": "affected",
              "version": "44.6"
            },
            {
              "status": "affected",
              "version": "44.7"
            },
            {
              "status": "affected",
              "version": "44.8"
            },
            {
              "status": "affected",
              "version": "44.9"
            },
            {
              "status": "affected",
              "version": "44.10"
            },
            {
              "status": "affected",
              "version": "44.11"
            },
            {
              "status": "affected",
              "version": "44.12"
            },
            {
              "status": "affected",
              "version": "45.1"
            },
            {
              "status": "affected",
              "version": "45.2"
            },
            {
              "status": "affected",
              "version": "45.3"
            },
            {
              "status": "affected",
              "version": "45.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed.\r\n\r\nThis vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-03T16:06:06.659Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-webex-xss-jw3NeQzS",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-jw3NeQzS"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-xss-jw3NeQzS",
        "defects": [
          "CSCwt96631"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Webex Meetings Cross-Site Scripting Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20233",
    "datePublished": "2026-06-03T16:06:06.659Z",
    "dateReserved": "2025-10-08T11:59:15.399Z",
    "dateUpdated": "2026-06-03T17:49:49.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}