VDB

CVE-2026-20058

CVE-2026-20058 PUBLISHED CVSS 5.800000190734863 MEDIUM

Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit these vulnerabilities by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart, causing a DoS condition.

EPSS 0.14% · 33.9th percentile

Risk Scores

CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
EPSS Score
0.14%
33.9th percentile

Affected Products

VendorProductVersions
CiscoCisco UTD SNORT IPS Engine Software17.9.3a, 17.12.1a, 17.12.2
CiscoCisco Secure Firewall Threat Defense (FTD) Software7.6.1, 7.4.2.3, 7.6.2

Exploit Intelligence

Timeline

  • Oct 8, 2025 CVE ID Reserved
  • Mar 4, 2026 CVE Published
  • Mar 4, 2026 CVE Updated
  • Mar 5, 2026 EPSS Score
  • Mar 6, 2026 EPSS Score
  • Mar 7, 2026 EPSS Score
  • Mar 9, 2026 EPSS Score
  • Mar 10, 2026 EPSS Score
  • Mar 11, 2026 EPSS Score
  • Mar 12, 2026 EPSS Score
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›