Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Cisco Firewall Software: Malicious Input Crashes Device
CVE-2026-20106
Summary
A flaw in Cisco's Firewall Software allows a hacker to crash the device by sending a carefully crafted message, causing it to stop working. This can happen even if the hacker doesn't need to log in first. To protect your device, make sure to follow best practices for patching and updating your software regularly and consider implementing additional security measures.
Original title
A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Sof...
Original description
A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust device memory resulting in a denial of service (DoS) condition requiring a manual reboot.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.
This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition.
nvd CVSS3.1
5.3
Vulnerability type
CWE-401
Memory Leak
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026