7.7
Cisco ASA and FTD Devices Can Crash from Malformed IKEv2 Traffic
CVE-2026-20049
Summary
A flaw in the way Cisco ASA and FTD devices process GCM-encrypted IKEv2 IPsec traffic can cause them to crash if an attacker sends specially crafted data. This can interrupt service and require a device restart. To protect your devices, apply the latest security updates. Exploitation requires valid credentials to establish a VPN connection with the affected device.
Original title
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software an...
Original description
A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device.
NVD CVSS3.1
7.7
Vulnerability type
CWE-131
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026