CVE-2026-20031 β€” Uncaught Exception in Cisco Secure Endpoint

CWE-248 β€” Uncaught Exception5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 66.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Endpoint
Timeline
PublishedMar 4

Description

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

β–ΆCVEListV5cisco/cisco_secure_endpoint162 versions+161

πŸ”΄Vulnerability Details

2
GHSA
GHSA-hvpm-hv6g-6m5c: A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service↗2026-03-04
β–Ά
CVEList
ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability↗2026-03-04
β–Ά

πŸ“‹Vendor Advisories

1
Cisco
ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability↗2026-03-04
β–Ά

πŸ•΅οΈThreat Intelligence

1
Wiz
CVE-2026-20031 Impact, Exploitability, and Mitigation Steps | Wiz↗
β–Ά
CVE-2026-20031 β€” Uncaught Exception in Cisco | cvebase