Vulnslist

find the latest Cisco vulnerabilities

ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability

cisco-sa-clamav-css-Fn4QSZ · Medium · Published · Updated

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2026-20031
Cisco Bug IDsCSCwr70268, CSCwr70255, CSCwr70252, CSCwr70257
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
Product Names From Source
Cisco Secure Endpoint, Cisco Secure Endpoint Private Cloud Console

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2026-20031 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2026-20031 Cisco OpenVuln
Cisco Secure Endpoint Private Cloud Console CVE-2026-20031 Cisco OpenVuln
Cisco Secure Endpoint CVE-2026-20031 Cisco OpenVuln