Back to overview

CVE-2026-20215

HIGH
7.5
CVSS 3.1
Description
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Metadata

CVE ID
CVE-2026-20215
State
PUBLISHED
Assigner
cisco
Reserved
2025-10-08 11:59 UTC
Published
2026-07-01 16:28 UTC
Last updated
2026-07-01 17:25 UTC
Primary CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer …
Vendor / Product
Cisco / Cisco Secure Endpoint
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Cisco Cisco Secure Endpoint 7.0.5, 6.2.19, 7.3.3, 7.2.13 …
Weakness (CWE)
CWESourceDescription
CWE-120 cna Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Back to overview