CVE-2026-20214

HIGH 7.5 (CVSS 3.1)
Description
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Metadata

CVE ID: CVE-2026-20214
State: PUBLISHED
Assigner: cisco
Reserved: 2025-10-08 11:59 UTC
Published: 2026-07-01 16:27 UTC
Last updated: 2026-07-01 17:25 UTC
Primary CWE: CWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer …
Vendor / Product: Cisco / Cisco Secure Endpoint
Sources: cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation: none
Automatable: yes
Tech. Impact: partial
Affected products (1)
Vendor | Product | Platform | Versions
Cisco | Cisco Secure Endpoint | | 7.0.5, 6.2.19, 7.3.3, 7.2.13 …
Weakness (CWE)
CWE | Source | Description
CWE-120 | cna | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS scores (1)
Score | Severity | Version | Source | Vector
7.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H