Search

Find a vulnerability

Search criteria

    6418 vulnerabilities

    CVE-2026-20298 (GCVE-0-2026-20298)

    Vulnerability from cvelistv5 – Published: 2026-07-15 17:18 – Updated: 2026-07-16 03:55
    VLAI
    Title
    Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.<br><br>The exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.4 , < 10.4.1 (custom)
    Affected: 10.2 , < 10.2.5 (custom)
    Affected: 10.0 , < 10.0.8 (custom)
    Affected: 9.4 , < 9.4.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.5.2605 , < 10.5.2605.0 (custom)
    Affected: 10.4.2604 , < 10.4.2604.6 (custom)
    Affected: 10.3.2512 , < 10.3.2512.15 (custom)
    Affected: 10.2.2510 , < 10.2.2510.18 (custom)
    Affected: 10.1.2507 , < 10.1.2507.24 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20298",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T03:55:51.583Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.1",
                  "status": "affected",
                  "version": "10.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.5",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.13",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.5.2605.0",
                  "status": "affected",
                  "version": "10.5.2605",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.4.2604.6",
                  "status": "affected",
                  "version": "10.4.2604",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.3.2512.15",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.18",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.24",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.\u003cbr\u003e\u003cbr\u003eThe exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.\u003cbr\u003e\u003cbr\u003eThe exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T17:18:32.070Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0704"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0704"
          },
          "title": "Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20298",
        "datePublished": "2026-07-15T17:18:32.070Z",
        "dateReserved": "2025-10-08T11:59:15.407Z",
        "dateUpdated": "2026-07-16T03:55:51.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20296 (GCVE-0-2026-20296)

    Vulnerability from cvelistv5 – Published: 2026-07-15 17:18 – Updated: 2026-07-16 03:55
    VLAI
    Title
    SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the `list_deployment_server` capability into running arbitrary Search Processing Language (SPL) searches on their behalf as `splunk-system-user`, allowing for access to stored credentials and indexed data.<br><br>The vulnerability is possible because Deployment Server endpoints in Splunk Web do not validate Cross-Site Request Forgery (CSRF) tokens on GET requests, and caller-supplied input is not correctly neutralized before it is placed into an SPL search.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.4 , < 10.4.1 (custom)
    Affected: 10.2 , < 10.2.5 (custom)
    Affected: 10.0 , < 10.0.8 (custom)
    Affected: 9.4 , < 9.4.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.5.2605 , < 10.5.2605.0 (custom)
    Affected: 10.4.2604 , < 10.4.2604.7 (custom)
    Affected: 10.3.2512 , < 10.3.2512.16 (custom)
    Affected: 10.2.2510 , < 10.2.2510.18 (custom)
    Affected: 10.1.2507 , < 10.1.2507.24 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20296",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T03:55:54.695Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.1",
                  "status": "affected",
                  "version": "10.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.5",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.13",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.5.2605.0",
                  "status": "affected",
                  "version": "10.5.2605",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.4.2604.7",
                  "status": "affected",
                  "version": "10.4.2604",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.3.2512.16",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.18",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.24",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the `list_deployment_server` capability into running arbitrary Search Processing Language (SPL) searches on their behalf as `splunk-system-user`, allowing for access to stored credentials and indexed data.\u003cbr\u003e\u003cbr\u003eThe vulnerability is possible because Deployment Server endpoints in Splunk Web do not validate Cross-Site Request Forgery (CSRF) tokens on GET requests, and caller-supplied input is not correctly neutralized before it is placed into an SPL search."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the `list_deployment_server` capability into running arbitrary Search Processing Language (SPL) searches on their behalf as `splunk-system-user`, allowing for access to stored credentials and indexed data.\u003cbr\u003e\u003cbr\u003eThe vulnerability is possible because Deployment Server endpoints in Splunk Web do not validate Cross-Site Request Forgery (CSRF) tokens on GET requests, and caller-supplied input is not correctly neutralized before it is placed into an SPL search."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T17:18:23.696Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0702"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0702"
          },
          "title": "SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20296",
        "datePublished": "2026-07-15T17:18:23.696Z",
        "dateReserved": "2025-10-08T11:59:15.407Z",
        "dateUpdated": "2026-07-16T03:55:54.695Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20297 (GCVE-0-2026-20297)

    Vulnerability from cvelistv5 – Published: 2026-07-15 17:18 – Updated: 2026-07-16 03:55
    VLAI
    Title
    Path Traversal through 'explicit_appname' in the App Install REST Endpoint in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.4 , < 10.4.1 (custom)
    Affected: 10.2 , < 10.2.5 (custom)
    Affected: 10.0 , < 10.0.8 (custom)
    Affected: 9.4 , < 9.4.13 (custom)
    Affected: 9.3 , < 9.3.14 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.5.2605 , < 10.5.2605.0 (custom)
    Affected: 10.4.2604 , < 10.4.2604.6 (custom)
    Affected: 10.2.2510 , < 10.2.2510.18 (custom)
    Affected: 10.1.2507 , < 10.1.2507.24 (custom)
    Create a notification for this product.
    Date Public
    2026-07-15 00:00
    Credits
    Vinay Manivel, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-16T03:55:53.915Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.1",
                  "status": "affected",
                  "version": "10.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.5",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.8",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.13",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.14",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.5.2605.0",
                  "status": "affected",
                  "version": "10.5.2605",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.4.2604.6",
                  "status": "affected",
                  "version": "10.4.2604",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.18",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.24",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vinay Manivel, Splunk"
            }
          ],
          "datePublic": "2026-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.\u003cbr\u003e\u003cbr\u003eThe vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.\u003cbr\u003e\u003cbr\u003eThe vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T17:18:13.390Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0703"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0703"
          },
          "title": "Path Traversal through \u0027explicit_appname\u0027 in the App Install REST Endpoint in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20297",
        "datePublished": "2026-07-15T17:18:13.390Z",
        "dateReserved": "2025-10-08T11:59:15.407Z",
        "dateUpdated": "2026-07-16T03:55:53.915Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20187 (GCVE-0-2026-20187)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:18 – Updated: 2026-07-15 18:05
    VLAI
    Title
    Cisco RoomOS Security Hardening Release - Exceptional Conditions Handling Vulnerabilities
    Summary
    As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20187 are related to improper handling of exceptional conditions that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-703.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Affected: RoomOS 11.31.1.5
    Affected: RoomOS 11.27.4.0
    Affected: RoomOS 11.32.2.1
    Affected: RoomOS 11.33.1.7
    Affected: RoomOS 26.0.1.2
    Affected: RoomOS 11.34.1.2
    Affected: RoomOS 11.32.3.0
    Affected: RoomOS 11.27.5.0
    Affected: RoomOS 11.32.4.0
    Affected: RoomOS 26.1.1.5
    Affected: RoomOS 11.35.1.2
    Affected: RoomOS 26.2.2.2
    Affected: RoomOS 11.32.5.1
    Affected: RoomOS 26.4.1.6
    Affected: RoomOS 26.4.1.4
    Affected: RoomOS 26.3.1.3
    Affected: RoomOS 11.36.1.1
    Affected: RoomOS 11.37.1.0
    Affected: RoomOS 26.5.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20187",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T18:04:49.118521Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:05:01.949Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.31.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.33.1.7"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.0.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.34.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.35.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.5.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.3.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.36.1.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.37.1.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.5.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of Cisco\u0027s ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.\r\n\r\nThe vulnerabilities tracked by CVE-2026-20187 are related to improper handling of exceptional conditions that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-703."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:18:37.525Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-hardening-roomos-AqNMbEq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-hardening-roomos-AqNMbEq",
            "defects": [
              "CSCwu64819"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco RoomOS Security Hardening Release - Exceptional Conditions Handling Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20187",
        "datePublished": "2026-07-15T16:18:37.525Z",
        "dateReserved": "2025-10-08T11:59:15.394Z",
        "dateUpdated": "2026-07-15T18:05:01.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20158 (GCVE-0-2026-20158)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:18 – Updated: 2026-07-15 18:07
    VLAI
    Title
    Cisco RoomOS Security Hardening Release - Resource Lifetime Management Vulnerabilities
    Summary
    As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20158 are related to improper control of a resource through its lifetime that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-664.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-664 - Improper Control of a Resource Through its Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Affected: RoomOS 11.31.1.5
    Affected: RoomOS 11.27.4.0
    Affected: RoomOS 11.32.2.1
    Affected: RoomOS 11.33.1.7
    Affected: RoomOS 26.0.1.2
    Affected: RoomOS 11.34.1.2
    Affected: RoomOS 11.32.3.0
    Affected: RoomOS 11.27.5.0
    Affected: RoomOS 11.32.4.0
    Affected: RoomOS 26.1.1.5
    Affected: RoomOS 11.35.1.2
    Affected: RoomOS 26.2.2.2
    Affected: RoomOS 11.32.5.1
    Affected: RoomOS 26.4.1.6
    Affected: RoomOS 26.4.1.4
    Affected: RoomOS 26.3.1.3
    Affected: RoomOS 11.36.1.1
    Affected: RoomOS 11.37.1.0
    Affected: RoomOS 26.5.2.0
    Affected: RoomOS 11.38.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20158",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T18:06:50.394507Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:07:02.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.31.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.33.1.7"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.0.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.34.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.35.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.5.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.3.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.36.1.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.37.1.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.5.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.38.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of Cisco\u0027s ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.\r\n\r\nThe vulnerabilities tracked by CVE-2026-20158 are related to improper control of a resource through its lifetime that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-664."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-664",
                  "description": "Improper Control of a Resource Through its Lifetime",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:18:27.994Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-hardening-roomos-AqNMbEq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-hardening-roomos-AqNMbEq",
            "defects": [
              "CSCwu59015"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco RoomOS Security Hardening Release - Resource Lifetime Management Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20158",
        "datePublished": "2026-07-15T16:18:27.994Z",
        "dateReserved": "2025-10-08T11:59:15.387Z",
        "dateUpdated": "2026-07-15T18:07:02.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20153 (GCVE-0-2026-20153)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:18 – Updated: 2026-07-15 18:06
    VLAI
    Title
    Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities
    Summary
    As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Affected: RoomOS 11.31.1.5
    Affected: RoomOS 11.27.4.0
    Affected: RoomOS 11.32.2.1
    Affected: RoomOS 11.33.1.7
    Affected: RoomOS 26.0.1.2
    Affected: RoomOS 11.34.1.2
    Affected: RoomOS 11.32.3.0
    Affected: RoomOS 11.27.5.0
    Affected: RoomOS 11.32.4.0
    Affected: RoomOS 26.1.1.5
    Affected: RoomOS 11.35.1.2
    Affected: RoomOS 26.2.2.2
    Affected: RoomOS 11.32.5.1
    Affected: RoomOS 26.4.1.6
    Affected: RoomOS 26.4.1.4
    Affected: RoomOS 26.3.1.3
    Affected: RoomOS 11.36.1.1
    Affected: RoomOS 11.37.1.0
    Affected: RoomOS 26.5.2.0
    Affected: RoomOS 11.38.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T18:06:30.490867Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:06:37.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.31.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.33.1.7"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.0.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.34.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.35.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.5.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.3.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.36.1.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.37.1.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.5.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.38.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of Cisco\u0027s ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.\r\n\r\nThe vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:18:14.073Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-hardening-roomos-AqNMbEq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-hardening-roomos-AqNMbEq",
            "defects": [
              "CSCwu59024"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20153",
        "datePublished": "2026-07-15T16:18:14.073Z",
        "dateReserved": "2025-10-08T11:59:15.386Z",
        "dateUpdated": "2026-07-15T18:06:37.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20157 (GCVE-0-2026-20157)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:18 – Updated: 2026-07-15 18:06
    VLAI
    Title
    Cisco RoomOS Security Hardening Release - Missing Encryption Vulnerabilities
    Summary
    As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20157 are related to missing encryption that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-311.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-311 - Missing Encryption of Sensitive Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Affected: RoomOS 11.31.1.5
    Affected: RoomOS 11.27.4.0
    Affected: RoomOS 11.32.2.1
    Affected: RoomOS 11.33.1.7
    Affected: RoomOS 26.0.1.2
    Affected: RoomOS 11.34.1.2
    Affected: RoomOS 11.32.3.0
    Affected: RoomOS 11.27.5.0
    Affected: RoomOS 11.32.4.0
    Affected: RoomOS 26.1.1.5
    Affected: RoomOS 11.35.1.2
    Affected: RoomOS 26.2.2.2
    Affected: RoomOS 11.32.5.1
    Affected: RoomOS 26.4.1.6
    Affected: RoomOS 26.4.1.4
    Affected: RoomOS 26.3.1.3
    Affected: RoomOS 11.36.1.1
    Affected: RoomOS 11.37.1.0
    Affected: RoomOS 26.5.2.0
    Affected: RoomOS 11.38.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T18:06:08.142512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:06:16.748Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.31.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.33.1.7"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.0.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.34.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.35.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.5.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.3.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.36.1.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.37.1.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.5.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.38.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of Cisco\u0027s ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.\r\n\r\nThe vulnerabilities tracked by CVE-2026-20157 are related to missing encryption that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-311."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "Missing Encryption of Sensitive Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:18:04.406Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-hardening-roomos-AqNMbEq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-hardening-roomos-AqNMbEq",
            "defects": [
              "CSCwu64826"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco RoomOS Security Hardening Release - Missing Encryption Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20157",
        "datePublished": "2026-07-15T16:18:04.406Z",
        "dateReserved": "2025-10-08T11:59:15.387Z",
        "dateUpdated": "2026-07-15T18:06:16.748Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20156 (GCVE-0-2026-20156)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:17 – Updated: 2026-07-15 18:05
    VLAI
    Title
    Cisco RoomOS Security Hardening Release - Buffer Management Vulnerabilities
    Summary
    As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20156 are related to improper restriction of operations within the bounds of a memory buffer that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-119.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Affected: RoomOS 11.31.1.5
    Affected: RoomOS 11.27.4.0
    Affected: RoomOS 11.32.2.1
    Affected: RoomOS 11.33.1.7
    Affected: RoomOS 26.0.1.2
    Affected: RoomOS 11.34.1.2
    Affected: RoomOS 11.32.3.0
    Affected: RoomOS 11.27.5.0
    Affected: RoomOS 11.32.4.0
    Affected: RoomOS 26.1.1.5
    Affected: RoomOS 11.35.1.2
    Affected: RoomOS 26.2.2.2
    Affected: RoomOS 11.32.5.1
    Affected: RoomOS 26.4.1.6
    Affected: RoomOS 26.4.1.4
    Affected: RoomOS 26.3.1.3
    Affected: RoomOS 11.36.1.1
    Affected: RoomOS 11.37.1.0
    Affected: RoomOS 26.5.2.0
    Affected: RoomOS 11.38.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20156",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T18:05:33.626503Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:05:46.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.31.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.33.1.7"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.0.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.34.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.35.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.5.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.3.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.36.1.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.37.1.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.5.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.38.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of Cisco\u0027s ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.\r\n\r\nThe vulnerabilities tracked by CVE-2026-20156 are related to improper restriction of operations within the bounds of a memory buffer that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-119."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:17:52.307Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-hardening-roomos-AqNMbEq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-hardening-roomos-AqNMbEq",
            "defects": [
              "CSCwu64806"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco RoomOS Security Hardening Release - Buffer Management Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20156",
        "datePublished": "2026-07-15T16:17:52.307Z",
        "dateReserved": "2025-10-08T11:59:15.387Z",
        "dateUpdated": "2026-07-15T18:05:46.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20146 (GCVE-0-2026-20146)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:17 – Updated: 2026-07-15 17:58
    VLAI
    Title
    Cisco Identity Services Engine Path Traversal Vulnerability
    Summary
    A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.&nbsp; This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files or delete arbitrary files on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Identity Services Engine Software Affected: 3.1.0
    Affected: 3.1.0 p1
    Affected: 3.1.0 p3
    Affected: 3.1.0 p2
    Affected: 3.2.0
    Affected: 3.1.0 p4
    Affected: 3.1.0 p5
    Affected: 3.2.0 p1
    Affected: 3.1.0 p6
    Affected: 3.2.0 p2
    Affected: 3.1.0 p7
    Affected: 3.3.0
    Affected: 3.2.0 p3
    Affected: 3.2.0 p4
    Affected: 3.1.0 p8
    Affected: 3.2.0 p5
    Affected: 3.2.0 p6
    Affected: 3.1.0 p9
    Affected: 3.3 Patch 2
    Affected: 3.3 Patch 1
    Affected: 3.3 Patch 3
    Affected: 3.4.0
    Affected: 3.2.0 p7
    Affected: 3.3 Patch 4
    Affected: 3.4 Patch 1
    Affected: 3.1.0 p10
    Affected: 3.3 Patch 5
    Affected: 3.3 Patch 6
    Affected: 3.4 Patch 2
    Affected: 3.3 Patch 7
    Affected: 3.4 Patch 3
    Affected: 3.5.0
    Affected: 3.4 Patch 4
    Affected: 3.3 Patch 8
    Affected: 3.2 Patch 8
    Affected: 3.5 Patch 1
    Affected: 3.3 Patch 9
    Affected: 3.2 Patch 9
    Affected: 3.4 Patch 5
    Affected: 3.5 Patch 3
    Affected: 3.5 Patch 2
    Affected: 3.3 Patch 10
    Create a notification for this product.
    Cisco Cisco ISE Passive Identity Connector Affected: 3.2.0
    Affected: 3.1.0
    Affected: 3.3.0
    Affected: 3.4.0
    Affected: 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20146",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T17:58:07.078523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T17:58:15.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Identity Services Engine Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p1"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p3"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p2"
                },
                {
                  "status": "affected",
                  "version": "3.2.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p4"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p5"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p1"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p6"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p2"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p7"
                },
                {
                  "status": "affected",
                  "version": "3.3.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p3"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p4"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p8"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p5"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p6"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p9"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.4.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p7"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 4"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p10"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 5"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 6"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 7"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.5.0"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 4"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 8"
                },
                {
                  "status": "affected",
                  "version": "3.2 Patch 8"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 9"
                },
                {
                  "status": "affected",
                  "version": "3.2 Patch 9"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 5"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 10"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco ISE Passive Identity Connector",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.3.0"
                },
                {
                  "status": "affected",
                  "version": "3.4.0"
                },
                {
                  "status": "affected",
                  "version": "3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files or delete arbitrary files on the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:17:30.420Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ise-traversal-xNt7wb2Y",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-xNt7wb2Y"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ise-traversal-xNt7wb2Y",
            "defects": [
              "CSCws68683"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Identity Services Engine Path Traversal Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20146",
        "datePublished": "2026-07-15T16:17:30.420Z",
        "dateReserved": "2025-10-08T11:59:15.384Z",
        "dateUpdated": "2026-07-15T17:58:15.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20150 (GCVE-0-2026-20150)

    Vulnerability from cvelistv5 – Published: 2026-07-15 16:17 – Updated: 2026-07-15 18:46
    VLAI
    Title
    Cisco RoomOS Security Hardening Release - Access Control Vulnerabilities
    Summary
    As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20150 are related to improper access control&nbsp;that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-284.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco RoomOS Software Affected: RoomOS 10.11.2.2
    Affected: RoomOS 10.15.2.2
    Affected: RoomOS 11.5.4.6
    Affected: RoomOS 11.5.2.4
    Affected: RoomOS 10.8.2.5
    Affected: RoomOS 10.11.5.2
    Affected: RoomOS 10.11.3.0
    Affected: RoomOS 10.15.5.3
    Affected: RoomOS 10.19.2.2
    Affected: RoomOS 11.1.3.1
    Affected: RoomOS 10.11.6.0
    Affected: RoomOS 10.19.3.0
    Affected: RoomOS 10.19.4.2
    Affected: RoomOS 10.3.2.4
    Affected: RoomOS 10.3.4.0
    Affected: RoomOS 10.15.3.0
    Affected: RoomOS 11.1.4.1
    Affected: RoomOS 11.14.2.3
    Affected: RoomOS 11.1.2.4
    Affected: RoomOS 10.8.3.1
    Affected: RoomOS 11.14.2.1
    Affected: RoomOS 10.3.3.0
    Affected: RoomOS 10.8.4.0
    Affected: RoomOS 10.15.4.1
    Affected: RoomOS 10.19.5.6
    Affected: RoomOS 10.11.4.1
    Affected: RoomOS 11.9.3.1
    Affected: RoomOS 11.5.3.3
    Affected: RoomOS 10.3.2.0
    Affected: RoomOS 11.9.2.4
    Affected: RoomOS 11.14.3.0
    Affected: RoomOS 11.17.2.2
    Affected: RoomOS 11.14.4.0
    Affected: RoomOS 10.19 StepUpg
    Affected: RoomOS 11.17.3.0
    Affected: RoomOS 11.20.2.3
    Affected: RoomOS 11.14.5.0
    Affected: RoomOS 11.17.4.0
    Affected: RoomOS 11.20.3.0
    Affected: RoomOS 11.23.1.6
    Affected: RoomOS 11.23.1.8
    Affected: RoomOS 11.24.1.5
    Affected: RoomOS 11.24.2.4
    Affected: RoomOS 11.24.3.0
    Affected: RoomOS 11.24.4.1
    Affected: RoomOS 11.27.2.0
    Affected: RoomOS 11.28.1.3
    Affected: RoomOS 11.27.3.0
    Affected: RoomOS 11.31.1.5
    Affected: RoomOS 11.27.4.0
    Affected: RoomOS 11.32.2.1
    Affected: RoomOS 11.33.1.7
    Affected: RoomOS 26.0.1.2
    Affected: RoomOS 11.34.1.2
    Affected: RoomOS 11.32.3.0
    Affected: RoomOS 11.27.5.0
    Affected: RoomOS 11.32.4.0
    Affected: RoomOS 26.1.1.5
    Affected: RoomOS 11.35.1.2
    Affected: RoomOS 26.2.2.2
    Affected: RoomOS 11.32.5.1
    Affected: RoomOS 26.4.1.6
    Affected: RoomOS 26.4.1.4
    Affected: RoomOS 26.3.1.3
    Affected: RoomOS 11.36.1.1
    Affected: RoomOS 11.37.1.0
    Affected: RoomOS 26.5.2.0
    Affected: RoomOS 11.38.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T18:46:22.944748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T18:46:29.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco RoomOS Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.4.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.2.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.5.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.5.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.6.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.4.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.1.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.8.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19.5.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.11.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.5.3.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.3.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.9.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 10.19 StepUpg"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.2.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.14.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.17.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.20.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.23.1.8"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.2.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.24.4.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.28.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.31.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.2.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.33.1.7"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.0.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.34.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.3.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.27.5.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.4.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.35.1.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.32.5.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.4.1.4"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.3.1.3"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.36.1.1"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.37.1.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 26.5.2.0"
                },
                {
                  "status": "affected",
                  "version": "RoomOS 11.38.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of Cisco\u0027s ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.\r\n\r\nThe vulnerabilities tracked by CVE-2026-20150 are related to improper access control\u0026nbsp;that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-284."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T16:17:00.370Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-hardening-roomos-AqNMbEq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-hardening-roomos-AqNMbEq",
            "defects": [
              "CSCwu54714"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco RoomOS Security Hardening Release - Access Control Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20150",
        "datePublished": "2026-07-15T16:17:00.370Z",
        "dateReserved": "2025-10-08T11:59:15.385Z",
        "dateUpdated": "2026-07-15T18:46:29.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20243 (GCVE-0-2026-20243)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:30 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV ALZ Archive Processing Denial of Service Vulnerability
    Summary
    A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:19:13.065202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:08.088Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:30:20.848Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwu18798"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV ALZ Archive Processing Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20243",
        "datePublished": "2026-07-01T16:30:20.848Z",
        "dateReserved": "2025-10-08T11:59:15.400Z",
        "dateUpdated": "2026-07-01T17:25:08.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20244 (GCVE-0-2026-20244)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV DMG File Processing Denial of Service Vulnerability
    Summary
    A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:17:32.499689Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:08.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:28:27.613Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwu22472"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV DMG File Processing Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20244",
        "datePublished": "2026-07-01T16:28:27.613Z",
        "dateReserved": "2025-10-08T11:59:15.400Z",
        "dateUpdated": "2026-07-01T17:25:08.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20215 (GCVE-0-2026-20215)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability
    Summary
    A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z&nbsp;content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20215",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:17:41.483279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:08.547Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z\u0026nbsp;content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:28:09.844Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwt62781"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20215",
        "datePublished": "2026-07-01T16:28:09.844Z",
        "dateReserved": "2025-10-08T11:59:15.398Z",
        "dateUpdated": "2026-07-01T17:25:08.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20217 (GCVE-0-2026-20217)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability
    Summary
    A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20217",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:17:51.378262Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:08.697Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:28:03.720Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwt57454"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20217",
        "datePublished": "2026-07-01T16:28:03.720Z",
        "dateReserved": "2025-10-08T11:59:15.398Z",
        "dateUpdated": "2026-07-01T17:25:08.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20216 (GCVE-0-2026-20216)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability
    Summary
    A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20216",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:03.116587Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:08.850Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:27:51.314Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwt44538"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20216",
        "datePublished": "2026-07-01T16:27:51.314Z",
        "dateReserved": "2025-10-08T11:59:15.398Z",
        "dateUpdated": "2026-07-01T17:25:08.850Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20213 (GCVE-0-2026-20213)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability
    Summary
    A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:10.967118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:08.998Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:27:38.657Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwt62774"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20213",
        "datePublished": "2026-07-01T16:27:38.657Z",
        "dateReserved": "2025-10-08T11:59:15.398Z",
        "dateUpdated": "2026-07-01T17:25:08.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20214 (GCVE-0-2026-20214)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
    VLAI
    Title
    ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability
    Summary
    A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Secure Endpoint Affected: 7.0.5
    Affected: 6.2.19
    Affected: 7.3.3
    Affected: 7.2.13
    Affected: 6.1.5
    Affected: 6.3.1
    Affected: 6.2.5
    Affected: 7.3.5
    Affected: 6.2.1
    Affected: 7.2.7
    Affected: 7.1.1
    Affected: 6.3.5
    Affected: 6.2.9
    Affected: 7.3.1
    Affected: 6.1.7
    Affected: 7.2.11
    Affected: 7.2.3
    Affected: 7.1.5
    Affected: 6.3.3
    Affected: 7.3.9
    Affected: 6.2.3
    Affected: 6.1.9
    Affected: 6.0.9
    Affected: 7.2.5
    Affected: 6.0.7
    Affected: 6.3.7
    Affected: 1.12.3
    Affected: 1.8.0
    Affected: 1.11.1
    Affected: 1.12.4
    Affected: 1.10.0
    Affected: 1.12.0
    Affected: 1.8.1
    Affected: 1.10.1
    Affected: 1.12.1
    Affected: 1.12.6
    Affected: 1.14.0
    Affected: 1.10.2
    Affected: 1.12.7
    Affected: 1.12.2
    Affected: 1.6.0
    Affected: 1.9.0
    Affected: 1.11.0
    Affected: 1.7.0
    Affected: 1.13.0
    Affected: 1.8.4
    Affected: 1.13.1
    Affected: 1.9.1
    Affected: 1.12.5
    Affected: 1.13.2
    Affected: 8.1.7.21512
    Affected: 8.1.7
    Affected: 8.1.5
    Affected: 8.1.3.21242
    Affected: 8.1.3
    Affected: 8.1.5.21322
    Affected: 8.1.7.21417
    Affected: 1.14.1
    Affected: 1.15.1
    Affected: 1.15.2
    Affected: 1.15.3
    Affected: 1.15.4
    Affected: 1.15.5
    Affected: 1.15.6
    Affected: 1.16.0
    Affected: 1.16.1
    Affected: 1.16.2
    Affected: 1.16.3
    Affected: 1.18.0
    Affected: 1.18.1
    Affected: 1.20.0
    Affected: 1.21.0
    Affected: 1.21.1
    Affected: 1.21.2
    Affected: 1.21.3
    Affected: 1.22.0
    Affected: 1.22.1
    Affected: 1.22.2
    Affected: 1.22.3
    Affected: 1.22.4
    Affected: 1.24.0
    Affected: 1.24.1
    Affected: 1.24.2
    Affected: 1.24.3
    Affected: 1.24.4
    Affected: 1.26.0
    Affected: 1.24.5
    Affected: 1.26.1
    Affected: 1.27.0
    Affected: 1.15.0
    Affected: 1.17.0
    Affected: 1.17.1
    Affected: 1.17.2
    Affected: 1.19.0
    Affected: 1.20.1
    Affected: 1.20.2
    Affected: 1.20.3
    Affected: 1.20.4
    Affected: 1.20.5
    Affected: 1.20.6
    Affected: 1.23.0
    Affected: 1.23.1
    Affected: 1.20.7
    Affected: 1.20.8
    Affected: 1.25.0
    Affected: 1.25.1
    Affected: 1.25.2
    Affected: 1.27.1
    Affected: 1.27.2
    Affected: 7.3.13
    Affected: 7.3.15
    Affected: 7.4.1
    Affected: 7.4.1.20425
    Affected: 7.4.1.20439
    Affected: 7.4.3
    Affected: 7.4.3.20679
    Affected: 7.4.5
    Affected: 7.5.1.20813
    Affected: 7.5.1.20833
    Affected: 7.5.3
    Affected: 7.5.5
    Affected: 8.0.1.21160
    Affected: 8.0.1.21164
    Affected: 7.5.7
    Affected: 7.5.9
    Affected: 7.5.11
    Affected: 8.1.7.21585
    Affected: 7.5.13.21586
    Affected: 7.5.13.21598
    Affected: 8.2.1.21612
    Affected: 8.2.1.21650
    Affected: 7.5.15.21611
    Affected: 7.5.17.21680
    Affected: 8.2.3.30119
    Affected: 8.2.4.30130
    Affected: 8.4.0
    Affected: 7.5.19
    Affected: 8.4.1.30298
    Affected: 8.4.2.30317
    Affected: 8.4.1.30307
    Affected: 7.5.20
    Affected: 8.4.3
    Affected: 8.4.4.30419
    Affected: 8.4.4.30467
    Affected: 7.5.21.21732
    Affected: 8.4.5.30483
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:19.481926Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:09.148Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Secure Endpoint",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.19"
                },
                {
                  "status": "affected",
                  "version": "7.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.2.13"
                },
                {
                  "status": "affected",
                  "version": "6.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "7.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "7.2.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "6.3.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.9"
                },
                {
                  "status": "affected",
                  "version": "7.3.1"
                },
                {
                  "status": "affected",
                  "version": "6.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.2.11"
                },
                {
                  "status": "affected",
                  "version": "7.2.3"
                },
                {
                  "status": "affected",
                  "version": "7.1.5"
                },
                {
                  "status": "affected",
                  "version": "6.3.3"
                },
                {
                  "status": "affected",
                  "version": "7.3.9"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.1.9"
                },
                {
                  "status": "affected",
                  "version": "6.0.9"
                },
                {
                  "status": "affected",
                  "version": "7.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.0.7"
                },
                {
                  "status": "affected",
                  "version": "6.3.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.3"
                },
                {
                  "status": "affected",
                  "version": "1.8.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.4"
                },
                {
                  "status": "affected",
                  "version": "1.10.0"
                },
                {
                  "status": "affected",
                  "version": "1.12.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.1"
                },
                {
                  "status": "affected",
                  "version": "1.10.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.6"
                },
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.10.2"
                },
                {
                  "status": "affected",
                  "version": "1.12.7"
                },
                {
                  "status": "affected",
                  "version": "1.12.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0"
                },
                {
                  "status": "affected",
                  "version": "1.9.0"
                },
                {
                  "status": "affected",
                  "version": "1.11.0"
                },
                {
                  "status": "affected",
                  "version": "1.7.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.8.4"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.9.1"
                },
                {
                  "status": "affected",
                  "version": "1.12.5"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21512"
                },
                {
                  "status": "affected",
                  "version": "8.1.7"
                },
                {
                  "status": "affected",
                  "version": "8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.1.3.21242"
                },
                {
                  "status": "affected",
                  "version": "8.1.3"
                },
                {
                  "status": "affected",
                  "version": "8.1.5.21322"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21417"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                },
                {
                  "status": "affected",
                  "version": "1.15.3"
                },
                {
                  "status": "affected",
                  "version": "1.15.4"
                },
                {
                  "status": "affected",
                  "version": "1.15.5"
                },
                {
                  "status": "affected",
                  "version": "1.15.6"
                },
                {
                  "status": "affected",
                  "version": "1.16.0"
                },
                {
                  "status": "affected",
                  "version": "1.16.1"
                },
                {
                  "status": "affected",
                  "version": "1.16.2"
                },
                {
                  "status": "affected",
                  "version": "1.16.3"
                },
                {
                  "status": "affected",
                  "version": "1.18.0"
                },
                {
                  "status": "affected",
                  "version": "1.18.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.0"
                },
                {
                  "status": "affected",
                  "version": "1.21.1"
                },
                {
                  "status": "affected",
                  "version": "1.21.2"
                },
                {
                  "status": "affected",
                  "version": "1.21.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.0"
                },
                {
                  "status": "affected",
                  "version": "1.22.1"
                },
                {
                  "status": "affected",
                  "version": "1.22.2"
                },
                {
                  "status": "affected",
                  "version": "1.22.3"
                },
                {
                  "status": "affected",
                  "version": "1.22.4"
                },
                {
                  "status": "affected",
                  "version": "1.24.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.1"
                },
                {
                  "status": "affected",
                  "version": "1.24.2"
                },
                {
                  "status": "affected",
                  "version": "1.24.3"
                },
                {
                  "status": "affected",
                  "version": "1.24.4"
                },
                {
                  "status": "affected",
                  "version": "1.26.0"
                },
                {
                  "status": "affected",
                  "version": "1.24.5"
                },
                {
                  "status": "affected",
                  "version": "1.26.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.0"
                },
                {
                  "status": "affected",
                  "version": "1.17.1"
                },
                {
                  "status": "affected",
                  "version": "1.17.2"
                },
                {
                  "status": "affected",
                  "version": "1.19.0"
                },
                {
                  "status": "affected",
                  "version": "1.20.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.2"
                },
                {
                  "status": "affected",
                  "version": "1.20.3"
                },
                {
                  "status": "affected",
                  "version": "1.20.4"
                },
                {
                  "status": "affected",
                  "version": "1.20.5"
                },
                {
                  "status": "affected",
                  "version": "1.20.6"
                },
                {
                  "status": "affected",
                  "version": "1.23.0"
                },
                {
                  "status": "affected",
                  "version": "1.23.1"
                },
                {
                  "status": "affected",
                  "version": "1.20.7"
                },
                {
                  "status": "affected",
                  "version": "1.20.8"
                },
                {
                  "status": "affected",
                  "version": "1.25.0"
                },
                {
                  "status": "affected",
                  "version": "1.25.1"
                },
                {
                  "status": "affected",
                  "version": "1.25.2"
                },
                {
                  "status": "affected",
                  "version": "1.27.1"
                },
                {
                  "status": "affected",
                  "version": "1.27.2"
                },
                {
                  "status": "affected",
                  "version": "7.3.13"
                },
                {
                  "status": "affected",
                  "version": "7.3.15"
                },
                {
                  "status": "affected",
                  "version": "7.4.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20425"
                },
                {
                  "status": "affected",
                  "version": "7.4.1.20439"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.3.20679"
                },
                {
                  "status": "affected",
                  "version": "7.4.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20813"
                },
                {
                  "status": "affected",
                  "version": "7.5.1.20833"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21160"
                },
                {
                  "status": "affected",
                  "version": "8.0.1.21164"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.11"
                },
                {
                  "status": "affected",
                  "version": "8.1.7.21585"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21586"
                },
                {
                  "status": "affected",
                  "version": "7.5.13.21598"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21612"
                },
                {
                  "status": "affected",
                  "version": "8.2.1.21650"
                },
                {
                  "status": "affected",
                  "version": "7.5.15.21611"
                },
                {
                  "status": "affected",
                  "version": "7.5.17.21680"
                },
                {
                  "status": "affected",
                  "version": "8.2.3.30119"
                },
                {
                  "status": "affected",
                  "version": "8.2.4.30130"
                },
                {
                  "status": "affected",
                  "version": "8.4.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.19"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30298"
                },
                {
                  "status": "affected",
                  "version": "8.4.2.30317"
                },
                {
                  "status": "affected",
                  "version": "8.4.1.30307"
                },
                {
                  "status": "affected",
                  "version": "7.5.20"
                },
                {
                  "status": "affected",
                  "version": "8.4.3"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30419"
                },
                {
                  "status": "affected",
                  "version": "8.4.4.30467"
                },
                {
                  "status": "affected",
                  "version": "7.5.21.21732"
                },
                {
                  "status": "affected",
                  "version": "8.4.5.30483"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:27:33.622Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-clamav-88cFYyxR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-clamav-88cFYyxR",
            "defects": [
              "CSCwt62779"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20214",
        "datePublished": "2026-07-01T16:27:33.622Z",
        "dateReserved": "2025-10-08T11:59:15.398Z",
        "dateUpdated": "2026-07-01T17:25:09.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20191 (GCVE-0-2026-20191)

    Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
    VLAI
    Title
    Cisco Catalyst Center Arbitrary File Read Vulnerability
    Summary
    A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.&nbsp; This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Catalyst Center Affected: 2.3.7.0-VA
    Affected: 2.3.7.5-VA
    Affected: 2.3.7.6-VA
    Affected: 2.3.7.7-VA
    Affected: 2.3.7.9-VA
    Affected: 3.1.3
    Affected: 3.1.3-VA
    Affected: 2.3.7.10-VA
    Affected: 3.1.5
    Affected: 3.1.5-VA
    Affected: 3.1.5-VA on AWS
    Affected: 3.1.5-RevUp
    Affected: 3.1.6
    Affected: 3.1.6-VA
    Affected: 3.1.6-BETA
    Affected: 3.1.6-GSMU100
    Affected: 3.1.6-VA-GSMU100
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20191",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T17:18:27.744122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T17:25:09.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Catalyst Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.7.0-VA"
                },
                {
                  "status": "affected",
                  "version": "2.3.7.5-VA"
                },
                {
                  "status": "affected",
                  "version": "2.3.7.6-VA"
                },
                {
                  "status": "affected",
                  "version": "2.3.7.7-VA"
                },
                {
                  "status": "affected",
                  "version": "2.3.7.9-VA"
                },
                {
                  "status": "affected",
                  "version": "3.1.3"
                },
                {
                  "status": "affected",
                  "version": "3.1.3-VA"
                },
                {
                  "status": "affected",
                  "version": "2.3.7.10-VA"
                },
                {
                  "status": "affected",
                  "version": "3.1.5"
                },
                {
                  "status": "affected",
                  "version": "3.1.5-VA"
                },
                {
                  "status": "affected",
                  "version": "3.1.5-VA on AWS"
                },
                {
                  "status": "affected",
                  "version": "3.1.5-RevUp"
                },
                {
                  "status": "affected",
                  "version": "3.1.6"
                },
                {
                  "status": "affected",
                  "version": "3.1.6-VA"
                },
                {
                  "status": "affected",
                  "version": "3.1.6-BETA"
                },
                {
                  "status": "affected",
                  "version": "3.1.6-GSMU100"
                },
                {
                  "status": "affected",
                  "version": "3.1.6-VA-GSMU100"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.\u0026nbsp;\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T16:27:32.642Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-catc-file-read-wLH2vf8X",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X"
            }
          ],
          "source": {
            "advisory": "cisco-sa-catc-file-read-wLH2vf8X",
            "defects": [
              "CSCwt73509"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Catalyst Center Arbitrary File Read Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20191",
        "datePublished": "2026-07-01T16:27:32.642Z",
        "dateReserved": "2025-10-08T11:59:15.395Z",
        "dateUpdated": "2026-07-01T17:25:09.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20266 (GCVE-0-2026-20266)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
    VLAI
    Title
    OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit
    Summary
    In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance. The vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 00:00
    Credits
    Gabriel Nitu, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:03:52.980872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:04:08.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.4",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gabriel Nitu, Splunk"
            }
          ],
          "datePublic": "2026-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:07:24.598Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0614"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0614"
          },
          "title": "OS Command Injection in the btool Configuration Helper in Splunk AI Toolkit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20266",
        "datePublished": "2026-06-17T17:07:24.598Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T18:04:08.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20265 (GCVE-0-2026-20265)

    Vulnerability from cvelistv5 – Published: 2026-06-17 17:07 – Updated: 2026-06-17 18:04
    VLAI
    Title
    Insecure Default Domain Allowlist in Splunk AI Toolkit
    Summary
    In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1188 - The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk AI Toolkit Affected: 5.7 , < 5.7.4 (custom)
    Create a notification for this product.
    Date Public
    2026-06-17 00:00
    Credits
    Gabriel Nitu, Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:04:24.981105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:04:30.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk AI Toolkit",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "5.7.4",
                  "status": "affected",
                  "version": "5.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Gabriel Nitu, Splunk"
            }
          ],
          "datePublic": "2026-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
                }
              ],
              "value": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1188",
                  "description": "The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T17:07:19.943Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0613"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0613"
          },
          "title": "Insecure Default Domain Allowlist in Splunk AI Toolkit"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20265",
        "datePublished": "2026-06-17T17:07:19.943Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T18:04:30.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20178 (GCVE-0-2026-20178)

    Vulnerability from cvelistv5 – Published: 2026-06-17 16:28 – Updated: 2026-06-17 18:13
    VLAI
    Summary
    A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20178",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T18:13:20.277003Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T18:13:35.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Webex App",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed.\r\n\r This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T16:28:34.825Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-webex-app-redirect-KOyxhffH",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH"
            }
          ],
          "source": {
            "advisory": "cisco-sa-webex-app-redirect-KOyxhffH",
            "defects": [
              "CSCwt98312"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20178",
        "datePublished": "2026-06-17T16:28:34.825Z",
        "dateReserved": "2025-10-08T11:59:15.392Z",
        "dateUpdated": "2026-06-17T18:13:35.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20246 (GCVE-0-2026-20246)

    Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:17
    VLAI
    Title
    Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
    Summary
    A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Umbrella Insights Virtual Appliance Affected: 2.6.0
    Affected: 2.5.6
    Affected: 2.5
    Affected: 2.4.12
    Affected: 2.7
    Affected: 2.6.2
    Affected: 2.5.5
    Affected: 2.5.4
    Affected: 2.8
    Affected: 2.6.1
    Affected: 2.5.7
    Affected: 1.5.4
    Affected: 1.5.5
    Affected: 1.5.6
    Affected: 2.0.0
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.1.0
    Affected: 2.1.2
    Affected: 2.1.4
    Affected: 2.1.5
    Affected: 2.2
    Affected: 2.2.1
    Affected: 2.3
    Affected: 2.3.1
    Affected: 2.4
    Affected: 2.4.4
    Affected: 2.4.6
    Affected: 2.8.9
    Affected: 3.0
    Affected: 3.1
    Affected: 3.2
    Affected: 2.8.1
    Affected: 2.8.2
    Affected: 2.8.3
    Affected: 2.8.4
    Affected: 2.8.5
    Affected: 3.0.1
    Affected: 3.0.2
    Affected: 3.0.4
    Affected: 3.0.5
    Affected: 3.1.1
    Affected: 3.1.2
    Affected: 3.1.3
    Affected: 3.1.4
    Affected: 3.2.1
    Affected: 3.2.2
    Affected: 3.2.3
    Affected: 3.3
    Affected: 3.3.1
    Affected: 3.3.2
    Affected: 3.3.3
    Affected: 3.3.4
    Affected: 3.4
    Affected: 3.4.1
    Affected: 3.4.2
    Affected: 3.4.3
    Affected: 3.4.4
    Affected: 3.4.5
    Affected: 3.4.6
    Affected: 3.5
    Affected: 2.7.1
    Affected: 2.7.2
    Affected: 2.7.6
    Affected: 2.7.9
    Affected: 2.7.10
    Affected: 3.5.1
    Affected: 3.5.2
    Affected: 3.6.1
    Affected: 3.6.2
    Affected: 3.7
    Affected: 3.7.1
    Affected: 3.8.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:15:44.900787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:17:13.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Umbrella Insights Virtual Appliance",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.6.0"
                },
                {
                  "status": "affected",
                  "version": "2.5.6"
                },
                {
                  "status": "affected",
                  "version": "2.5"
                },
                {
                  "status": "affected",
                  "version": "2.4.12"
                },
                {
                  "status": "affected",
                  "version": "2.7"
                },
                {
                  "status": "affected",
                  "version": "2.6.2"
                },
                {
                  "status": "affected",
                  "version": "2.5.5"
                },
                {
                  "status": "affected",
                  "version": "2.5.4"
                },
                {
                  "status": "affected",
                  "version": "2.8"
                },
                {
                  "status": "affected",
                  "version": "2.6.1"
                },
                {
                  "status": "affected",
                  "version": "2.5.7"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "affected",
                  "version": "1.5.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.2"
                },
                {
                  "status": "affected",
                  "version": "2.1.4"
                },
                {
                  "status": "affected",
                  "version": "2.1.5"
                },
                {
                  "status": "affected",
                  "version": "2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2.1"
                },
                {
                  "status": "affected",
                  "version": "2.3"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                },
                {
                  "status": "affected",
                  "version": "2.4"
                },
                {
                  "status": "affected",
                  "version": "2.4.4"
                },
                {
                  "status": "affected",
                  "version": "2.4.6"
                },
                {
                  "status": "affected",
                  "version": "2.8.9"
                },
                {
                  "status": "affected",
                  "version": "3.0"
                },
                {
                  "status": "affected",
                  "version": "3.1"
                },
                {
                  "status": "affected",
                  "version": "3.2"
                },
                {
                  "status": "affected",
                  "version": "2.8.1"
                },
                {
                  "status": "affected",
                  "version": "2.8.2"
                },
                {
                  "status": "affected",
                  "version": "2.8.3"
                },
                {
                  "status": "affected",
                  "version": "2.8.4"
                },
                {
                  "status": "affected",
                  "version": "2.8.5"
                },
                {
                  "status": "affected",
                  "version": "3.0.1"
                },
                {
                  "status": "affected",
                  "version": "3.0.2"
                },
                {
                  "status": "affected",
                  "version": "3.0.4"
                },
                {
                  "status": "affected",
                  "version": "3.0.5"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                },
                {
                  "status": "affected",
                  "version": "3.1.3"
                },
                {
                  "status": "affected",
                  "version": "3.1.4"
                },
                {
                  "status": "affected",
                  "version": "3.2.1"
                },
                {
                  "status": "affected",
                  "version": "3.2.2"
                },
                {
                  "status": "affected",
                  "version": "3.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.3"
                },
                {
                  "status": "affected",
                  "version": "3.3.1"
                },
                {
                  "status": "affected",
                  "version": "3.3.2"
                },
                {
                  "status": "affected",
                  "version": "3.3.3"
                },
                {
                  "status": "affected",
                  "version": "3.3.4"
                },
                {
                  "status": "affected",
                  "version": "3.4"
                },
                {
                  "status": "affected",
                  "version": "3.4.1"
                },
                {
                  "status": "affected",
                  "version": "3.4.2"
                },
                {
                  "status": "affected",
                  "version": "3.4.3"
                },
                {
                  "status": "affected",
                  "version": "3.4.4"
                },
                {
                  "status": "affected",
                  "version": "3.4.5"
                },
                {
                  "status": "affected",
                  "version": "3.4.6"
                },
                {
                  "status": "affected",
                  "version": "3.5"
                },
                {
                  "status": "affected",
                  "version": "2.7.1"
                },
                {
                  "status": "affected",
                  "version": "2.7.2"
                },
                {
                  "status": "affected",
                  "version": "2.7.6"
                },
                {
                  "status": "affected",
                  "version": "2.7.9"
                },
                {
                  "status": "affected",
                  "version": "2.7.10"
                },
                {
                  "status": "affected",
                  "version": "3.5.1"
                },
                {
                  "status": "affected",
                  "version": "3.5.2"
                },
                {
                  "status": "affected",
                  "version": "3.6.1"
                },
                {
                  "status": "affected",
                  "version": "3.6.2"
                },
                {
                  "status": "affected",
                  "version": "3.7"
                },
                {
                  "status": "affected",
                  "version": "3.7.1"
                },
                {
                  "status": "affected",
                  "version": "3.8.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T16:17:13.708Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-umbrella-priv-esc-F4wJB7AU",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU"
            }
          ],
          "source": {
            "advisory": "cisco-sa-umbrella-priv-esc-F4wJB7AU",
            "defects": [
              "CSCwt75291"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20246",
        "datePublished": "2026-06-17T16:17:13.708Z",
        "dateReserved": "2025-10-08T11:59:15.400Z",
        "dateUpdated": "2026-06-17T17:17:13.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20220 (GCVE-0-2026-20220)

    Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:16
    VLAI
    Title
    Cisco Crosswork Network Controller Remote Code Execution Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an&nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration&nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.&nbsp; To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.&nbsp;
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Crosswork Network Change Automation Affected: 3.0.0
    Affected: 3.0.1
    Affected: 1.0.0
    Affected: 2.0.0
    Affected: 2.0.1
    Affected: 3.0.2
    Affected: 2.0.2
    Affected: 3.0.3
    Affected: 4.0.0
    Affected: 4.1.0
    Affected: 4.5.0
    Affected: 4.1.1
    Affected: 5.0.0
    Affected: 4.5.1
    Affected: 4.1.2
    Affected: 5.0.1
    Affected: 4.5.2
    Affected: 5.0.2
    Affected: 4.1.3
    Affected: 6.0.0
    Affected: 7.0.0
    Affected: 4.1.4
    Affected: 6.0.2
    Affected: 5.0.3
    Affected: 6.0.3
    Affected: 5.0.4
    Affected: 7.0.1
    Affected: 6.0.4
    Affected: 7.0.2
    Affected: 7.1.0
    Affected: 5.0.5
    Affected: 7.0.3
    Affected: 7.0.4
    Affected: 7.1.1
    Affected: 7.0.5
    Affected: 7.2.0
    Affected: 7.1.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:13:43.754531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:16:59.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Crosswork Network Change Automation",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "3.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "3.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "3.0.3"
                },
                {
                  "status": "affected",
                  "version": "4.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.1.0"
                },
                {
                  "status": "affected",
                  "version": "4.5.0"
                },
                {
                  "status": "affected",
                  "version": "4.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.5.1"
                },
                {
                  "status": "affected",
                  "version": "4.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "4.5.2"
                },
                {
                  "status": "affected",
                  "version": "5.0.2"
                },
                {
                  "status": "affected",
                  "version": "4.1.3"
                },
                {
                  "status": "affected",
                  "version": "6.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.0.0"
                },
                {
                  "status": "affected",
                  "version": "4.1.4"
                },
                {
                  "status": "affected",
                  "version": "6.0.2"
                },
                {
                  "status": "affected",
                  "version": "5.0.3"
                },
                {
                  "status": "affected",
                  "version": "6.0.3"
                },
                {
                  "status": "affected",
                  "version": "5.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.1"
                },
                {
                  "status": "affected",
                  "version": "6.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.0"
                },
                {
                  "status": "affected",
                  "version": "5.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.2.0"
                },
                {
                  "status": "affected",
                  "version": "7.1.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an\u0026nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation in the configuration\u0026nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.\u0026nbsp;\r\nTo exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.\u0026nbsp;"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T16:17:06.545Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cnc-inj-QNMeEmxk",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cnc-inj-QNMeEmxk",
            "defects": [
              "CSCwt44379"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Crosswork Network Controller Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20220",
        "datePublished": "2026-06-17T16:17:06.545Z",
        "dateReserved": "2025-10-08T11:59:15.398Z",
        "dateUpdated": "2026-06-17T17:16:59.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20190 (GCVE-0-2026-20190)

    Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:16
    VLAI
    Title
    Cisco Identity Services Engine Information Disclosure Vulnerability
    Summary
    A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Identity Services Engine Software Affected: 3.4.0
    Affected: 3.4 Patch 1
    Affected: 3.4 Patch 2
    Affected: 3.4 Patch 3
    Affected: 3.5.0
    Affected: 3.4 Patch 4
    Affected: 3.5 Patch 1
    Affected: 3.4 Patch 5
    Affected: 3.5 Patch 2
    Create a notification for this product.
    Cisco Cisco ISE Passive Identity Connector Affected: 3.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:14:11.061077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:16:45.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Identity Services Engine Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.5.0"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 4"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 5"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco ISE Passive Identity Connector",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T16:17:04.911Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ise-multi-G5WP8vv",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ise-multi-G5WP8vv",
            "defects": [
              "CSCwt22936"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Identity Services Engine Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20190",
        "datePublished": "2026-06-17T16:17:04.911Z",
        "dateReserved": "2025-10-08T11:59:15.395Z",
        "dateUpdated": "2026-06-17T17:16:45.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20181 (GCVE-0-2026-20181)

    Vulnerability from cvelistv5 – Published: 2026-06-17 16:16 – Updated: 2026-06-18 03:56
    VLAI
    Title
    Cisco Identity Services Engine Remote Code Execution Vulnerability
    Summary
    A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Identity Services Engine Software Affected: 3.1.0
    Affected: 3.1.0 p1
    Affected: 3.1.0 p3
    Affected: 3.1.0 p2
    Affected: 3.2.0
    Affected: 3.1.0 p4
    Affected: 3.1.0 p5
    Affected: 3.2.0 p1
    Affected: 3.1.0 p6
    Affected: 3.2.0 p2
    Affected: 3.1.0 p7
    Affected: 3.3.0
    Affected: 3.2.0 p3
    Affected: 3.2.0 p4
    Affected: 3.1.0 p8
    Affected: 3.2.0 p5
    Affected: 3.2.0 p6
    Affected: 3.1.0 p9
    Affected: 3.3 Patch 2
    Affected: 3.3 Patch 1
    Affected: 3.3 Patch 3
    Affected: 3.4.0
    Affected: 3.2.0 p7
    Affected: 3.3 Patch 4
    Affected: 3.4 Patch 1
    Affected: 3.1.0 p10
    Affected: 3.3 Patch 5
    Affected: 3.3 Patch 6
    Affected: 3.4 Patch 2
    Affected: 3.3 Patch 7
    Affected: 3.4 Patch 3
    Affected: 3.5.0
    Affected: 3.4 Patch 4
    Affected: 3.3 Patch 8
    Affected: 3.2 Patch 8
    Affected: 3.5 Patch 1
    Affected: 3.3 Patch 9
    Affected: 3.2 Patch 9
    Affected: 3.4 Patch 5
    Affected: 3.5 Patch 3
    Affected: 3.5 Patch 2
    Affected: 3.3 Patch 10
    Affected: 3.2 Patch 10
    Affected: 3.1.0 p11
    Create a notification for this product.
    Cisco Cisco ISE Passive Identity Connector Affected: 3.2.0
    Affected: 3.1.0
    Affected: 3.3.0
    Affected: 3.4.0
    Affected: 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:56:44.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Identity Services Engine Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p1"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p3"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p2"
                },
                {
                  "status": "affected",
                  "version": "3.2.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p4"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p5"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p1"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p6"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p2"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p7"
                },
                {
                  "status": "affected",
                  "version": "3.3.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p3"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p4"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p8"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p5"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p6"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p9"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.4.0"
                },
                {
                  "status": "affected",
                  "version": "3.2.0 p7"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 4"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p10"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 5"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 6"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 7"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.5.0"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 4"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 8"
                },
                {
                  "status": "affected",
                  "version": "3.2 Patch 8"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 1"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 9"
                },
                {
                  "status": "affected",
                  "version": "3.2 Patch 9"
                },
                {
                  "status": "affected",
                  "version": "3.4 Patch 5"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 3"
                },
                {
                  "status": "affected",
                  "version": "3.5 Patch 2"
                },
                {
                  "status": "affected",
                  "version": "3.3 Patch 10"
                },
                {
                  "status": "affected",
                  "version": "3.2 Patch 10"
                },
                {
                  "status": "affected",
                  "version": "3.1.0 p11"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco ISE Passive Identity Connector",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.2.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.3.0"
                },
                {
                  "status": "affected",
                  "version": "3.4.0"
                },
                {
                  "status": "affected",
                  "version": "3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T16:16:56.706Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ise-multi-G5WP8vv",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ise-multi-G5WP8vv",
            "defects": [
              "CSCwt22913"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Identity Services Engine Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20181",
        "datePublished": "2026-06-17T16:16:56.706Z",
        "dateReserved": "2025-10-08T11:59:15.393Z",
        "dateUpdated": "2026-06-18T03:56:44.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20262 (GCVE-0-2026-20262)

    Vulnerability from cvelistv5 – Published: 2026-06-15 16:21 – Updated: 2026-06-17 03:55
    VLAI CISA KEVIntel
    Title
    Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
    SSVC
    Exploitation: active Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Catalyst SD-WAN Manager Affected: 20.1.12
    Affected: 19.2.1
    Affected: 18.4.4
    Affected: 18.4.5
    Affected: 20.1.1.1
    Affected: 20.1.1
    Affected: 19.3.0
    Affected: 19.2.2
    Affected: 19.2.099
    Affected: 18.3.6
    Affected: 18.3.7
    Affected: 19.2.0
    Affected: 18.3.8
    Affected: 19.0.0
    Affected: 19.1.0
    Affected: 18.4.302
    Affected: 18.4.303
    Affected: 19.2.097
    Affected: 19.2.098
    Affected: 17.2.10
    Affected: 18.3.6.1
    Affected: 19.0.1a
    Affected: 18.2.0
    Affected: 18.4.3
    Affected: 18.4.1
    Affected: 17.2.8
    Affected: 18.3.3.1
    Affected: 18.4.0
    Affected: 18.3.1
    Affected: 17.2.6
    Affected: 17.2.9
    Affected: 18.3.4
    Affected: 17.2.5
    Affected: 18.3.1.1
    Affected: 18.3.5
    Affected: 18.4.0.1
    Affected: 18.3.3
    Affected: 17.2.7
    Affected: 17.2.4
    Affected: 18.3.0
    Affected: 19.2.3
    Affected: 18.4.501_ES
    Affected: 20.3.1
    Affected: 20.1.2
    Affected: 19.2.929
    Affected: 19.2.31
    Affected: 20.3.2
    Affected: 19.2.32
    Affected: 20.3.2_925
    Affected: 20.3.2.1
    Affected: 20.3.2.1_927
    Affected: 18.4.6
    Affected: 20.1.2_937
    Affected: 20.4.1
    Affected: 20.3.2_928
    Affected: 20.3.2_929
    Affected: 20.4.1.0.1
    Affected: 20.3.2.1_930
    Affected: 19.2.4
    Affected: 20.5.0.1.1
    Affected: 20.4.1.1
    Affected: 20.3.3
    Affected: 19.2.4.0.1
    Affected: 20.3.2_937
    Affected: 20.3.3.1
    Affected: 20.5.1
    Affected: 20.1.3
    Affected: 20.3.3.0.4
    Affected: 20.3.3.1.2
    Affected: 20.3.3.1.1
    Affected: 20.4.1.2
    Affected: 20.3.3.0.2
    Affected: 20.4.1.1.5
    Affected: 20.4.1.0.01
    Affected: 20.4.1.0.02
    Affected: 20.3.3.1.7
    Affected: 20.3.3.1.5
    Affected: 20.5.1.0.1
    Affected: 20.3.3.1.10
    Affected: 20.3.3.0.8
    Affected: 20.4.2
    Affected: 20.4.2.0.1
    Affected: 20.3.4
    Affected: 20.3.3.0.14
    Affected: 19.2.4.0.8
    Affected: 19.2.4.0.9
    Affected: 20.3.4.0.1
    Affected: 20.3.2.0.5
    Affected: 20.6.1
    Affected: 20.5.1.0.2
    Affected: 20.3.3.0.17
    Affected: 20.6.1.1
    Affected: 20.6.0.18.3
    Affected: 20.3.2.0.6
    Affected: 20.6.0.18.4
    Affected: 20.4.2.0.2
    Affected: 20.3.3.0.16
    Affected: 20.3.4.0.5
    Affected: 20.6.1.0.1
    Affected: 20.3.4.0.6
    Affected: 20.6.2
    Affected: 20.7.1EFT2
    Affected: 20.3.4.0.9
    Affected: 20.3.4.0.11
    Affected: 20.4.2.0.4
    Affected: 20.3.3.0.18
    Affected: 20.7.1
    Affected: 20.6.2.1
    Affected: 20.3.4.1
    Affected: 20.5.1.1
    Affected: 20.4.2.1
    Affected: 20.4.2.1.1
    Affected: 20.3.4.1.1
    Affected: 20.3.813
    Affected: 20.3.4.0.19
    Affected: 20.4.2.2.1
    Affected: 20.5.1.2
    Affected: 20.3.4.2
    Affected: 20.3.814
    Affected: 20.4.2.2
    Affected: 20.6.2.2
    Affected: 20.3.4.2.1
    Affected: 20.7.1.1
    Affected: 20.3.4.1.2
    Affected: 20.6.2.2.2
    Affected: 20.3.4.0.20
    Affected: 20.6.2.2.3
    Affected: 20.4.2.2.2
    Affected: 20.3.5
    Affected: 20.6.2.0.4
    Affected: 20.4.2.2.3
    Affected: 20.3.4.0.24
    Affected: 20.6.2.2.7
    Affected: 20.6.3
    Affected: 20.3.4.2.2
    Affected: 20.4.2.2.4
    Affected: 20.7.1.0.2
    Affected: 20.8.1
    Affected: 20.3.5.0.8
    Affected: 20.3.5.0.9
    Affected: 20.4.2.2.8
    Affected: 20.3.5.0.7
    Affected: 20.6.3.0.7
    Affected: 20.6.3.0.5
    Affected: 20.6.3.0.10
    Affected: 20.6.3.0.2
    Affected: 20.7.2
    Affected: 20.9.1EFT2
    Affected: 20.6.3.0.11
    Affected: 20.6.3.1
    Affected: 20.6.3.0.14
    Affected: 20.6.4
    Affected: 20.9.1
    Affected: 20.6.3.0.19
    Affected: 20.6.3.0.18
    Affected: 20.3.6
    Affected: 20.9.1.1
    Affected: 20.6.3.0.23
    Affected: 20.6.4.0.4
    Affected: 20.6.3.0.25
    Affected: 20.6.5
    Affected: 20.6.3.0.27
    Affected: 20.9.2
    Affected: 20.9.2.1
    Affected: 20.6.3.0.29
    Affected: 20.6.3.0.31
    Affected: 20.6.3.0.32
    Affected: 20.10.1
    Affected: 20.6.3.0.33
    Affected: 20.9.2.0.01
    Affected: 20.9.1_LI_Images
    Affected: 20.10.1_LI_Images
    Affected: 20.9.2_LI_Images
    Affected: 20.3.7
    Affected: 20.9.3
    Affected: 20.6.5.1
    Affected: 20.11.1
    Affected: 20.11.1_LI_Images
    Affected: 20.9.3_LI_ Images
    Affected: 20.6.3.1.1
    Affected: 20.9.3.0.2
    Affected: 20.6.5.1.2
    Affected: 20.9.3.0.3
    Affected: 20.4.2.3
    Affected: 20.6.3.2
    Affected: 20.6.4.1
    Affected: 20.6.3.0.38
    Affected: 20.6.3.0.39
    Affected: 20.3.5.1
    Affected: 20.3.4.3
    Affected: 20.9.3.1
    Affected: 20.3.3.2
    Affected: 20.6.5.2
    Affected: 20.3.7.1
    Affected: 20.10.1.1
    Affected: 20.6.5.2.1
    Affected: 20.3.4.0.25
    Affected: 20.6.2.2.4
    Affected: 20.6.1.2
    Affected: 20.11.1.1
    Affected: 20.9.3.0.5
    Affected: 20.3.4.0.26
    Affected: 20.6.5.1.3
    Affected: 20.6.3.0.40
    Affected: 20.1.3.1
    Affected: 20.9.2.2
    Affected: 20.6.5.2.3
    Affected: 20.6.5.1.4
    Affected: 20.6.5.3
    Affected: 20.6.3.0.41
    Affected: 20.9.3.0.7
    Affected: 20.6.5.1.5
    Affected: 20.9.3.0.4
    Affected: 20.6.4.0.19
    Affected: 20.6.5.1.6
    Affected: 20.9.3.0.8
    Affected: 20.6.3.3
    Affected: 20.3.7.2
    Affected: 20.6.5.4
    Affected: 20.6.5.1.7
    Affected: 20.9.3.0.12
    Affected: 20.6.4.2
    Affected: 20.6.5.5
    Affected: 20.9.3.2
    Affected: 20.11.1.2
    Affected: 20.6.3.4
    Affected: 20.10.1.2
    Affected: 20.6.5.1.9
    Affected: 20.9.3.0.16
    Affected: 20.6.3.0.45
    Affected: 20.6.5.1.10
    Affected: 20.9.3.0.17
    Affected: 20.6.5.2.4
    Affected: 20.6.4.0.21
    Affected: 20.9.3.0.18
    Affected: 20.6.3.0.46
    Affected: 20.6.3.0.47
    Affected: 20.9.2.3
    Affected: 20.9.3.2_LI_Images
    Affected: 20.9.3.0.21
    Affected: 20.9.3.0.20
    Affected: 20.9.4_LI_Images
    Affected: 20.9.4
    Affected: 20.6.5.1.11
    Affected: 20.12.1
    Affected: 20.12.1_LI_Images
    Affected: 20.6.5.1.13
    Affected: 20.9.3.0.23
    Affected: 20.6.5.2.8
    Affected: 20.9.4.1
    Affected: 20.9.4.1_LI_Images
    Affected: 20.9.3.0.25
    Affected: 20.9.3.0.24
    Affected: 20.6.5.1.14
    Affected: 20.3.8
    Affected: 20.6.6
    Affected: 20.9.3.0.26
    Affected: 20.6.3.0.51
    Affected: 20.9.3.0.29
    Affected: 20.12.2
    Affected: 20.12.2_LI_Images
    Affected: 20.6.6.0.1
    Affected: 20.13.1_LI_Images
    Affected: 20.9.4.0.4
    Affected: 20.13.1
    Affected: 20.9.4.1.1
    Affected: 20.9.5
    Affected: 20.9.5_LI_Images
    Affected: 20.12.3_LI_Images
    Affected: 20.12.3
    Affected: 20.9.4.1.3
    Affected: 20.6.7
    Affected: 20.9.5.1
    Affected: 20.9.5.1_LI_Images
    Affected: 20.9.4.1.6
    Affected: 20.14.1
    Affected: 20.14.1_LI_Images
    Affected: 20.9.5.2
    Affected: 20.9.5.2.1
    Affected: 20.9.5.2_LI_Images
    Affected: 20.12.3.1
    Affected: 20.12.4
    Affected: 20.15.1_LI_Images
    Affected: 20.15.1
    Affected: 20.9.5.1.4
    Affected: 20.9.5.2.7
    Affected: 20.9.5.2.13
    Affected: 20.9.6
    Affected: 20.9.6_LI_Images
    Affected: 20.9.5.2.14
    Affected: 20.6.8
    Affected: 20.12.4.0.03
    Affected: 20.16.1
    Affected: 20.16.1_LI_Images
    Affected: 20.12.4_LI_Images
    Affected: 20.9.5.2.16
    Affected: 20.12.4.0.4
    Affected: 20.12.401
    Affected: 20.9.5.3
    Affected: 20.9.5.3_LI_Images
    Affected: 20.12.4.1_LI_Images
    Affected: 20.12.4.1
    Affected: 20.9.5.2.21
    Affected: 20.9.6.0.3
    Affected: 20.12.4.0.6
    Affected: 20.15.2_LI_Images
    Affected: 20.15.2
    Affected: 20.12.4_Monthly_ES5
    Affected: 20.12.5
    Affected: 20.12.5_LI_Images
    Affected: 20.9.7_LI _Images
    Affected: 20.9.7
    Affected: 20.15.3
    Affected: 20.15.3_ LI _Images
    Affected: 20.12.501
    Affected: 20.12.5.1_LI_Images
    Affected: 20.12.5.1
    Affected: 20.12.5.2_LI_Images
    Affected: 20.12.5.2
    Affected: 20.15.3.1
    Affected: 20.15.4_LI_Images
    Affected: 20.15.4
    Affected: 20.9.7.1_LI _Images
    Affected: 20.9.7.1
    Affected: 20.18.1
    Affected: 20.18.1_LI_Images
    Affected: 20.12.6_LI_Images
    Affected: 20.12.6
    Affected: 20.12.5.1.01
    Affected: 26.0.1
    Affected: 20.9.8
    Affected: 20.9.8_LI_Images
    Affected: 20.18.2
    Affected: 20.15.4.1_LI_Images
    Affected: 20.15.4.1
    Affected: 20.18.2_LI_Images
    Affected: 26.1.1
    Affected: 26.1.1_LI_Images
    Affected: 20.18.2.1_LI_Images
    Affected: 20.18.2.1
    Affected: 20.15.4.2_LI_Images
    Affected: 20.15.4.2
    Affected: 20.12.6.1
    Affected: 20.12.6.1_LI_Images
    Affected: 20.12.5.3
    Affected: 20.12.5.3_LI_Images
    Affected: 20.9.8.2_LI_Images
    Affected: 20.9.8.2
    Affected: 20.18.3
    Affected: 20.18.3_LI_Images
    Affected: 20.15.5
    Affected: 20.15.5_LI_Images
    Affected: 20.12.7
    Affected: 20.12.7_LI_Images
    Affected: 20.9.9
    Affected: 20.9.9_LI_Images
    Affected: 20.18.2.2
    Affected: 20.18.2.2_LI_Images
    Affected: 20.12.5.4
    Affected: 20.12.5.4_LI_ Images
    Affected: 20.12.7.1_LI_Images
    Affected: 20.12.6.2_LI_Images
    Affected: 20.12.7.1
    Affected: 20.15.5.1
    Affected: 20.15.4.3
    Affected: 20.15.4.3_LI_Images
    Affected: 20.15.5.1_LI_Images
    Affected: 20.12.6.2
    Affected: 20.15.5.2
    Affected: 20.15.5.2_LI_Images
    Affected: 26.1.1.1_LI_Images
    Affected: 20.15.4.4
    Affected: 20.15.4.4_LI_Images
    Affected: 26.1.1.1
    Affected: 20.9.9.1_LI_Images
    Affected: 20.9.9.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20262",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-15",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20262"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T03:55:46.594Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20262"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Catalyst SD-WAN Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "20.1.12"
                },
                {
                  "status": "affected",
                  "version": "19.2.1"
                },
                {
                  "status": "affected",
                  "version": "18.4.4"
                },
                {
                  "status": "affected",
                  "version": "18.4.5"
                },
                {
                  "status": "affected",
                  "version": "20.1.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.1.1"
                },
                {
                  "status": "affected",
                  "version": "19.3.0"
                },
                {
                  "status": "affected",
                  "version": "19.2.2"
                },
                {
                  "status": "affected",
                  "version": "19.2.099"
                },
                {
                  "status": "affected",
                  "version": "18.3.6"
                },
                {
                  "status": "affected",
                  "version": "18.3.7"
                },
                {
                  "status": "affected",
                  "version": "19.2.0"
                },
                {
                  "status": "affected",
                  "version": "18.3.8"
                },
                {
                  "status": "affected",
                  "version": "19.0.0"
                },
                {
                  "status": "affected",
                  "version": "19.1.0"
                },
                {
                  "status": "affected",
                  "version": "18.4.302"
                },
                {
                  "status": "affected",
                  "version": "18.4.303"
                },
                {
                  "status": "affected",
                  "version": "19.2.097"
                },
                {
                  "status": "affected",
                  "version": "19.2.098"
                },
                {
                  "status": "affected",
                  "version": "17.2.10"
                },
                {
                  "status": "affected",
                  "version": "18.3.6.1"
                },
                {
                  "status": "affected",
                  "version": "19.0.1a"
                },
                {
                  "status": "affected",
                  "version": "18.2.0"
                },
                {
                  "status": "affected",
                  "version": "18.4.3"
                },
                {
                  "status": "affected",
                  "version": "18.4.1"
                },
                {
                  "status": "affected",
                  "version": "17.2.8"
                },
                {
                  "status": "affected",
                  "version": "18.3.3.1"
                },
                {
                  "status": "affected",
                  "version": "18.4.0"
                },
                {
                  "status": "affected",
                  "version": "18.3.1"
                },
                {
                  "status": "affected",
                  "version": "17.2.6"
                },
                {
                  "status": "affected",
                  "version": "17.2.9"
                },
                {
                  "status": "affected",
                  "version": "18.3.4"
                },
                {
                  "status": "affected",
                  "version": "17.2.5"
                },
                {
                  "status": "affected",
                  "version": "18.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "18.3.5"
                },
                {
                  "status": "affected",
                  "version": "18.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "18.3.3"
                },
                {
                  "status": "affected",
                  "version": "17.2.7"
                },
                {
                  "status": "affected",
                  "version": "17.2.4"
                },
                {
                  "status": "affected",
                  "version": "18.3.0"
                },
                {
                  "status": "affected",
                  "version": "19.2.3"
                },
                {
                  "status": "affected",
                  "version": "18.4.501_ES"
                },
                {
                  "status": "affected",
                  "version": "20.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.1.2"
                },
                {
                  "status": "affected",
                  "version": "19.2.929"
                },
                {
                  "status": "affected",
                  "version": "19.2.31"
                },
                {
                  "status": "affected",
                  "version": "20.3.2"
                },
                {
                  "status": "affected",
                  "version": "19.2.32"
                },
                {
                  "status": "affected",
                  "version": "20.3.2_925"
                },
                {
                  "status": "affected",
                  "version": "20.3.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.2.1_927"
                },
                {
                  "status": "affected",
                  "version": "18.4.6"
                },
                {
                  "status": "affected",
                  "version": "20.1.2_937"
                },
                {
                  "status": "affected",
                  "version": "20.4.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.2_928"
                },
                {
                  "status": "affected",
                  "version": "20.3.2_929"
                },
                {
                  "status": "affected",
                  "version": "20.4.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.2.1_930"
                },
                {
                  "status": "affected",
                  "version": "19.2.4"
                },
                {
                  "status": "affected",
                  "version": "20.5.0.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.3"
                },
                {
                  "status": "affected",
                  "version": "19.2.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.2_937"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.5.1"
                },
                {
                  "status": "affected",
                  "version": "20.1.3"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.2"
                },
                {
                  "status": "affected",
                  "version": "20.4.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "20.4.1.0.01"
                },
                {
                  "status": "affected",
                  "version": "20.4.1.0.02"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.1.7"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.1.5"
                },
                {
                  "status": "affected",
                  "version": "20.5.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.1.10"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.8"
                },
                {
                  "status": "affected",
                  "version": "20.4.2"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.14"
                },
                {
                  "status": "affected",
                  "version": "19.2.4.0.8"
                },
                {
                  "status": "affected",
                  "version": "19.2.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.2.0.5"
                },
                {
                  "status": "affected",
                  "version": "20.6.1"
                },
                {
                  "status": "affected",
                  "version": "20.5.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.17"
                },
                {
                  "status": "affected",
                  "version": "20.6.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.0.18.3"
                },
                {
                  "status": "affected",
                  "version": "20.3.2.0.6"
                },
                {
                  "status": "affected",
                  "version": "20.6.0.18.4"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.0.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.16"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.5"
                },
                {
                  "status": "affected",
                  "version": "20.6.1.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "20.6.2"
                },
                {
                  "status": "affected",
                  "version": "20.7.1EFT2"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.9"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.11"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.0.18"
                },
                {
                  "status": "affected",
                  "version": "20.7.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.1"
                },
                {
                  "status": "affected",
                  "version": "20.5.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.813"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.19"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.5.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.814"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.7.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.20"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.2.3"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.5"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.2.3"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.24"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.2.7"
                },
                {
                  "status": "affected",
                  "version": "20.6.3"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.2.4"
                },
                {
                  "status": "affected",
                  "version": "20.7.1.0.2"
                },
                {
                  "status": "affected",
                  "version": "20.8.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.5.0.8"
                },
                {
                  "status": "affected",
                  "version": "20.3.5.0.9"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.2.8"
                },
                {
                  "status": "affected",
                  "version": "20.3.5.0.7"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.7"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.5"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.10"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.2"
                },
                {
                  "status": "affected",
                  "version": "20.7.2"
                },
                {
                  "status": "affected",
                  "version": "20.9.1EFT2"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.11"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.14"
                },
                {
                  "status": "affected",
                  "version": "20.6.4"
                },
                {
                  "status": "affected",
                  "version": "20.9.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.19"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.18"
                },
                {
                  "status": "affected",
                  "version": "20.3.6"
                },
                {
                  "status": "affected",
                  "version": "20.9.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.23"
                },
                {
                  "status": "affected",
                  "version": "20.6.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.25"
                },
                {
                  "status": "affected",
                  "version": "20.6.5"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.27"
                },
                {
                  "status": "affected",
                  "version": "20.9.2"
                },
                {
                  "status": "affected",
                  "version": "20.9.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.29"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.31"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.32"
                },
                {
                  "status": "affected",
                  "version": "20.10.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.33"
                },
                {
                  "status": "affected",
                  "version": "20.9.2.0.01"
                },
                {
                  "status": "affected",
                  "version": "20.9.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.10.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.3.7"
                },
                {
                  "status": "affected",
                  "version": "20.9.3"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1"
                },
                {
                  "status": "affected",
                  "version": "20.11.1"
                },
                {
                  "status": "affected",
                  "version": "20.11.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.3_LI_ Images"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.3"
                },
                {
                  "status": "affected",
                  "version": "20.4.2.3"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.4.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.38"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.39"
                },
                {
                  "status": "affected",
                  "version": "20.3.5.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.3"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.3.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.2"
                },
                {
                  "status": "affected",
                  "version": "20.3.7.1"
                },
                {
                  "status": "affected",
                  "version": "20.10.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.25"
                },
                {
                  "status": "affected",
                  "version": "20.6.2.2.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.11.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.5"
                },
                {
                  "status": "affected",
                  "version": "20.3.4.0.26"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.3"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.40"
                },
                {
                  "status": "affected",
                  "version": "20.1.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.2.3"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.3"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.41"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.7"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.5"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.4.0.19"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.6"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.8"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.3"
                },
                {
                  "status": "affected",
                  "version": "20.3.7.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.7"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.12"
                },
                {
                  "status": "affected",
                  "version": "20.6.4.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.5"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.2"
                },
                {
                  "status": "affected",
                  "version": "20.11.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.4"
                },
                {
                  "status": "affected",
                  "version": "20.10.1.2"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.9"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.16"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.45"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.10"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.17"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.2.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.4.0.21"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.18"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.46"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.47"
                },
                {
                  "status": "affected",
                  "version": "20.9.2.3"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.21"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.20"
                },
                {
                  "status": "affected",
                  "version": "20.9.4_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.4"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.11"
                },
                {
                  "status": "affected",
                  "version": "20.12.1"
                },
                {
                  "status": "affected",
                  "version": "20.12.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.13"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.23"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.2.8"
                },
                {
                  "status": "affected",
                  "version": "20.9.4.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.4.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.25"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.24"
                },
                {
                  "status": "affected",
                  "version": "20.6.5.1.14"
                },
                {
                  "status": "affected",
                  "version": "20.3.8"
                },
                {
                  "status": "affected",
                  "version": "20.6.6"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.26"
                },
                {
                  "status": "affected",
                  "version": "20.6.3.0.51"
                },
                {
                  "status": "affected",
                  "version": "20.9.3.0.29"
                },
                {
                  "status": "affected",
                  "version": "20.12.2"
                },
                {
                  "status": "affected",
                  "version": "20.12.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.6.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.13.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.13.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.4.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.5"
                },
                {
                  "status": "affected",
                  "version": "20.9.5_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.3_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.3"
                },
                {
                  "status": "affected",
                  "version": "20.9.4.1.3"
                },
                {
                  "status": "affected",
                  "version": "20.6.7"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.4.1.6"
                },
                {
                  "status": "affected",
                  "version": "20.14.1"
                },
                {
                  "status": "affected",
                  "version": "20.14.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.12.4"
                },
                {
                  "status": "affected",
                  "version": "20.15.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.1.4"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2.7"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2.13"
                },
                {
                  "status": "affected",
                  "version": "20.9.6"
                },
                {
                  "status": "affected",
                  "version": "20.9.6_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2.14"
                },
                {
                  "status": "affected",
                  "version": "20.6.8"
                },
                {
                  "status": "affected",
                  "version": "20.12.4.0.03"
                },
                {
                  "status": "affected",
                  "version": "20.16.1"
                },
                {
                  "status": "affected",
                  "version": "20.16.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.4_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2.16"
                },
                {
                  "status": "affected",
                  "version": "20.12.4.0.4"
                },
                {
                  "status": "affected",
                  "version": "20.12.401"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.3"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.3_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.4.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.4.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.5.2.21"
                },
                {
                  "status": "affected",
                  "version": "20.9.6.0.3"
                },
                {
                  "status": "affected",
                  "version": "20.12.4.0.6"
                },
                {
                  "status": "affected",
                  "version": "20.15.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.2"
                },
                {
                  "status": "affected",
                  "version": "20.12.4_Monthly_ES5"
                },
                {
                  "status": "affected",
                  "version": "20.12.5"
                },
                {
                  "status": "affected",
                  "version": "20.12.5_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.7_LI _Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.7"
                },
                {
                  "status": "affected",
                  "version": "20.15.3"
                },
                {
                  "status": "affected",
                  "version": "20.15.3_ LI _Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.501"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.1"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.2"
                },
                {
                  "status": "affected",
                  "version": "20.15.3.1"
                },
                {
                  "status": "affected",
                  "version": "20.15.4_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.4"
                },
                {
                  "status": "affected",
                  "version": "20.9.7.1_LI _Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.7.1"
                },
                {
                  "status": "affected",
                  "version": "20.18.1"
                },
                {
                  "status": "affected",
                  "version": "20.18.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.6_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.6"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.1.01"
                },
                {
                  "status": "affected",
                  "version": "26.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.8"
                },
                {
                  "status": "affected",
                  "version": "20.9.8_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.18.2"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.1"
                },
                {
                  "status": "affected",
                  "version": "20.18.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "26.1.1"
                },
                {
                  "status": "affected",
                  "version": "26.1.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.18.2.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.18.2.1"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.2"
                },
                {
                  "status": "affected",
                  "version": "20.12.6.1"
                },
                {
                  "status": "affected",
                  "version": "20.12.6.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.3"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.3_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.8.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.8.2"
                },
                {
                  "status": "affected",
                  "version": "20.18.3"
                },
                {
                  "status": "affected",
                  "version": "20.18.3_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.5"
                },
                {
                  "status": "affected",
                  "version": "20.15.5_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.7"
                },
                {
                  "status": "affected",
                  "version": "20.12.7_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.9"
                },
                {
                  "status": "affected",
                  "version": "20.9.9_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.18.2.2"
                },
                {
                  "status": "affected",
                  "version": "20.18.2.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.4"
                },
                {
                  "status": "affected",
                  "version": "20.12.5.4_LI_ Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.7.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.6.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.7.1"
                },
                {
                  "status": "affected",
                  "version": "20.15.5.1"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.3"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.3_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.5.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.12.6.2"
                },
                {
                  "status": "affected",
                  "version": "20.15.5.2"
                },
                {
                  "status": "affected",
                  "version": "20.15.5.2_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "26.1.1.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.4"
                },
                {
                  "status": "affected",
                  "version": "20.15.4.4_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "26.1.1.1"
                },
                {
                  "status": "affected",
                  "version": "20.9.9.1_LI_Images"
                },
                {
                  "status": "affected",
                  "version": "20.9.9.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.\r\n\r\nThis vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "In June 2026, the Cisco PSIRT became aware of limited exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T16:21:09.696Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-sdwan-arbfw-c2rZvQ",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-sdwan-arbfw-c2rZvQ",
            "defects": [
              "CSCwu18441"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20262",
        "datePublished": "2026-06-15T16:21:09.696Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-17T03:55:46.594Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20258 (GCVE-0-2026-20258)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:22
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.3.2512 , < 10.3.2512.11 (custom)
    Affected: 10.2.2510 , < 10.2.2510.15 (custom)
    Affected: 10.1.2507 , < 10.1.2507.23 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Tony Tong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:22:19.768336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:22:27.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.3.2512.11",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.15",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.23",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Tony Tong"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.11, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could store a malicious script in a classic dashboard HTML panel, causing unauthorized JavaScript code to execute in the browser of another user.  \n\nThe vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:23.870Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0608"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0608"
          },
          "title": "Stored Cross-Site Scripting (XSS) through Classic Dashboard in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20258",
        "datePublished": "2026-06-10T17:16:23.870Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:22:27.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20253 (GCVE-0-2026-20253)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-19 03:55
    VLAI CISA Shadowserver KEVIntel
    Title
    Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
    Summary
    In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    Alex Hordijk (hordalex)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20253",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-06-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-19T03:55:19.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20253"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-18T00:00:00.000Z",
                "value": "CVE-2026-20253 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Alex Hordijk (hordalex)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
                }
              ],
              "value": "In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T20:33:56.243Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0603"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0603"
          },
          "title": "Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20253",
        "datePublished": "2026-06-10T17:16:21.242Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-19T03:55:19.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20260 (GCVE-0-2026-20260)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
    VLAI
    Title
    Log Injection through HTTP Request Paths in Splunk SOAR
    Summary
    In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.<br><br>The injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - The software does not neutralize or incorrectly neutralizes output that is written to logs.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk SOAR Affected: 8.5 , < 8.5.0 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    STÖK / Fredrik Alexandersson
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:06.757464Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:23:13.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk SOAR",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "8.5.0",
                  "status": "affected",
                  "version": "8.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "ST\u00d6K / Fredrik Alexandersson"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
                }
              ],
              "value": "In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR application log files through specially crafted HTTP request paths, which a terminal emulator might interpret when an administrator views the logs.\u003cbr\u003e\u003cbr\u003eThe injection is possible because SOAR does not strip control characters from HTTP request paths before writing them to application logs."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "The software does not neutralize or incorrectly neutralizes output that is written to logs.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:20.653Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0611"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0611"
          },
          "title": "Log Injection through HTTP Request Paths in Splunk SOAR"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20260",
        "datePublished": "2026-06-10T17:16:20.653Z",
        "dateReserved": "2025-10-08T11:59:15.402Z",
        "dateUpdated": "2026-06-10T18:23:13.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20252 (GCVE-0-2026-20252)

    Vulnerability from cvelistv5 – Published: 2026-06-10 17:16 – Updated: 2026-06-10 18:23
    VLAI
    Title
    Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise
    Summary
    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature. The vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
    Assigner
    Impacted products
    Vendor Product Version
    Splunk Splunk Enterprise Affected: 10.2 , < 10.2.4 (custom)
    Affected: 10.0 , < 10.0.7 (custom)
    Affected: 9.4 , < 9.4.12 (custom)
    Affected: 9.3 , < 9.3.13 (custom)
    Create a notification for this product.
    Splunk Splunk Cloud Platform Affected: 10.4.2604 , < 10.4.2604.3 (custom)
    Affected: 10.3.2512 , < 10.3.2512.12 (custom)
    Affected: 10.2.2510 , < 10.2.2510.14 (custom)
    Affected: 10.1.2507 , < 10.1.2507.22 (custom)
    Affected: 9.3.2411 , < 9.3.2411.132 (custom)
    Create a notification for this product.
    Date Public
    2026-06-10 00:00
    Credits
    M Mahdan Argya Syarif (0xbeludan)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-10T18:23:29.592434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-10T18:23:36.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.2.4",
                  "status": "affected",
                  "version": "10.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.7",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.4.12",
                  "status": "affected",
                  "version": "9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.13",
                  "status": "affected",
                  "version": "9.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk",
              "versions": [
                {
                  "lessThan": "10.4.2604.3",
                  "status": "affected",
                  "version": "10.4.2604",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.3.2512.12",
                  "status": "affected",
                  "version": "10.3.2512",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.2.2510.14",
                  "status": "affected",
                  "version": "10.2.2510",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.2507.22",
                  "status": "affected",
                  "version": "10.1.2507",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.3.2411.132",
                  "status": "affected",
                  "version": "9.3.2411",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "M Mahdan Argya Syarif (0xbeludan)"
            }
          ],
          "datePublic": "2026-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
                }
              ],
              "value": "In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could send server-side requests to arbitrary internal destinations through the Dashboard Studio PDF export feature.  \n\nThe vulnerability exists because the trusted-domain validation uses a prefix match that can be bypassed with attacker-controlled subdomains (for example, docs.splunk.com.evil.com), and because the PDF export service follows HTTP redirects automatically without re-validating each redirect target against the allowlist."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T17:16:19.518Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "url": "https://advisory.splunk.com/advisories/SVD-2026-0602"
            }
          ],
          "source": {
            "advisory": "SVD-2026-0602"
          },
          "title": "Server-Side Request Forgery (SSRF) through Dashboard Studio PDF Export in Splunk Enterprise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20252",
        "datePublished": "2026-06-10T17:16:19.518Z",
        "dateReserved": "2025-10-08T11:59:15.401Z",
        "dateUpdated": "2026-06-10T18:23:36.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }