CVE-2026-20243 – Cisco Secure Endpoint

CVSS 7.5 IMPORTANT High with EoP or RCE – Expedited Deployment

“Malicious files can turn security scanning into a service outage.”

Cisco has released fixes for multiple high-severity vulnerabilities affecting Cisco Secure Endpoint through ClamAV file parsing. These issues affect several file format parsers, including PE, FSG, 7z, InstallShield, PESpin, ALZ, and DMG. An unauthenticated remote attacker could submit crafted files for scanning and cause the ClamAV scanning process to terminate, resulting in a denial-of-service condition.

CVE-2026-20213 has a CVSS score of 7.5, which is High severity. CVE-2026-20214 has a CVSS score of 7.5, which is High severity. CVE-2026-20215 has a CVSS score of 7.5, which is High severity. CVE-2026-20216 has a CVSS score of 7.5, which is High severity. CVE-2026-20217 has a CVSS score of 7.5, which is High severity. CVE-2026-20243 has a CVSS score of 7.5, which is High severity. CVE-2026-20244 has a CVSS score of 7.5, which is High severity. No verified real-world exploitation or public proof-of-concept has been confirmed.

Key Details

Affected Product
Cisco Secure Endpoint
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-120
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.