Action not permitted
Modal body text goes here.
Modal Title
Modal Body
FKIE_CVE-2026-20031
Vulnerability from fkie_nvd - Published: 2026-03-04 18:16 - Updated: 2026-03-05 19:39
Severity ?
Summary
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el m\u00f3dulo HTML Cascading Style Sheets (CSS) de ClamAV podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\n\nEsta vulnerabilidad se debe a un manejo de errores inadecuado al dividir cadenas UTF-8. Un atacante podr\u00eda explotar esta vulnerabilidad al enviar un archivo HTML manipulado para ser escaneado por ClamAV en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante terminar el proceso de escaneo."
}
],
"id": "CVE-2026-20031",
"lastModified": "2026-03-05T19:39:11.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2026-03-04T18:16:16.773",
"references": [
{
"source": "psirt@cisco.com",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
CVE-2026-20031 (GCVE-0-2026-20031)
Vulnerability from cvelistv5 – Published: 2026-03-04 17:17 – Updated: 2026-03-05 15:52
VLAI?
EPSS
Title
ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability
Summary
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
Severity ?
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 2.0.2 Affected: 1.1.0 Affected: 2.0.0 Affected: 2.0.1 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 2.1.0.14 Affected: 2.2.0 Affected: 2.3.0 Affected: 2.4.0 Affected: 2.5.0 Affected: 2.6.0 Affected: 2.7.0 Affected: 2.8.0 Affected: 2.9.0 Affected: 2.10.0 Affected: 2.10.1 Affected: 2.11.0 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T15:51:58.298217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T15:52:07.708Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "2.0.2"
},
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "2.1.0.14"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.5.0"
},
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.8.0"
},
{
"status": "affected",
"version": "2.9.0"
},
{
"status": "affected",
"version": "2.10.0"
},
{
"status": "affected",
"version": "2.10.1"
},
{
"status": "affected",
"version": "2.11.0"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "Uncaught Exception",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T17:44:55.869Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-css-Fn4QSZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ"
}
],
"source": {
"advisory": "cisco-sa-clamav-css-Fn4QSZ",
"defects": [
"CSCwq32780"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20031",
"datePublished": "2026-03-04T17:17:33.372Z",
"dateReserved": "2025-10-08T11:59:15.353Z",
"dateUpdated": "2026-03-05T15:52:07.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…