CVE-2026-20243 – Cisco Secure Endpoint
“Malicious files can turn security scanning into a service outage.”
Cisco has released fixes for multiple high-severity vulnerabilities affecting Cisco Secure Endpoint through ClamAV file parsing. These issues affect several file format parsers, including PE, FSG, 7z, InstallShield, PESpin, ALZ, and DMG. An unauthenticated remote attacker could submit crafted files for scanning and cause the ClamAV scanning process to terminate, resulting in a denial-of-service condition.
CVE-2026-20213 has a CVSS score of 7.5, which is High severity. CVE-2026-20214 has a CVSS score of 7.5, which is High severity. CVE-2026-20215 has a CVSS score of 7.5, which is High severity. CVE-2026-20216 has a CVSS score of 7.5, which is High severity. CVE-2026-20217 has a CVSS score of 7.5, which is High severity. CVE-2026-20243 has a CVSS score of 7.5, which is High severity. CVE-2026-20244 has a CVSS score of 7.5, which is High severity. No verified real-world exploitation or public proof-of-concept has been confirmed.
Key Details
- Affected Product
- Cisco Secure Endpoint
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-120