CVE-2026-20216

HIGH
7.5
CVSS 3.1
Description
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.

Metadata

CVE ID
CVE-2026-20216
State
PUBLISHED
Assigner
cisco
Reserved
2025-10-08 11:59 UTC
Published
2026-07-01 16:27 UTC
Last updated
2026-07-01 17:25 UTC
Primary CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Vendor / Product
Cisco / Cisco Secure Endpoint
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
Vendor | Product | Platform | Versions
Cisco | Cisco Secure Endpoint | | 7.0.5, 6.2.19, 7.3.3, 7.2.13 …
Weakness (CWE)
CWE | Source | Description
CWE-770 | cna | Allocation of Resources Without Limits or Throttling
CVSS scores (1)
Score | Severity | Version | Source | Vector
7.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H