Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.8
Cisco Products Can Crash with Malformed VBA Data
CVE-2026-20054
Summary
Some Cisco products have a flaw in their Snort 3 Detection Engine that can be exploited by a hacker sending a specially crafted message. This could cause the engine to crash, making the device unavailable. Cisco will likely release a fix to prevent this from happening.
Original title
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
This...
Original description
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.
This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to enter an infinite loop, causing a DoS condition.
This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to enter an infinite loop, causing a DoS condition.
nvd CVSS3.1
5.8
Vulnerability type
CWE-835
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026