VDB

CVE-2026-20056

CVE-2026-20056 PUBLISHED CVSS 4 MEDIUM

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file. 

EPSS 0.02% · 6.6th percentile

Risk Scores

CVSS 3.1
4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.02%
6.6th percentile

Affected Products

VendorProductVersions
CiscoCisco Secure Web Appliance11.8.0-453, 12.5.3-002, 12.0.3-005

Exploit Intelligence

Timeline

  • Oct 8, 2025 CVE ID Reserved
  • Feb 4, 2026 CVE Published
  • Feb 4, 2026 CVE Updated
  • Feb 5, 2026 EPSS Score
  • Feb 7, 2026 EPSS Score
  • Feb 9, 2026 EPSS Score
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 23, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›