CVE-2026-20026
Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of service (DoS).
EPSS 0.14% · 33.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.0.0.1, 7.0.1, 7.0.1.1 |
| Cisco | Cisco UTD SNORT IPS Engine Software | 3.17.1S, 16.12.3, Fuji-16.9.5 |
Exploit Intelligence
- CIRCL seen: CVE-2026-20026 (circl-sighting)
- CIRCL seen: CVE-2026-20026 (circl-sighting)
- CIRCL seen: CVE-2026-20026 (circl-sighting)
- CIRCL seen: CVE-2026-20026 (circl-sighting)
- cisco-sa-snort3-dcerpc-vulns-J9HNF4tH (circl)
Timeline
- Oct 8, 2025 CVE ID Reserved
- Jan 7, 2026 CVE Published
- Jan 7, 2026 PoC Published
- Jan 8, 2026 EPSS Score
- Jan 8, 2026 PoC Published
- Jan 11, 2026 EPSS Score
- Jan 14, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 28, 2026 PoC Published