8.6
Cisco Firewall Software: Unauthenticated DoS via VPN Web Server
CVE-2026-20039
Summary
A vulnerability in the VPN web server of Cisco Firewall Software could allow an unauthenticated, remote attacker to crash the device, making it unavailable to users. The attacker would need to send a large number of specially crafted HTTP requests to the device. To protect your system, apply the latest updates and configure your VPN server to limit the number of incoming requests.
Original title
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, rem...
Original description
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
nvd CVSS3.1
8.6
Vulnerability type
CWE-244
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026