CVE-2026-20050: Improper Resource Shutdown or Release in Cisco Secure Firewall Threat Defense Software

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.2% (top 64.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 4

Description

A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management during the inspection of TLS 1.2 encrypted traffic. An attacker could exploit this vulnerability by sending crafted TLS 1.2 encrypted traffic through an affected device. A successful exp

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 4.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

CVEList: Cisco Secure Firewall Threat Defense Decryption Policy Denial of Service Vulnerability (2026-03-04)
GHSA: GHSA-pvq2-4ff4-p9w6: A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could all (2026-03-04)

📋 Vendor Advisories (1)

Cisco: Cisco Secure Firewall Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability (2026-03-04)