Cisco Firewall Software: SAML SSO Vulnerability Exposes Browser Data
CVE-2026-20102
Summary
The SAML 2.0 SSO feature of Cisco Secure Firewall ASA and FTD Software does not sufficiently validate multiple HTTP parameters, which allows reflected cross-site scripting (XSS). An unauthenticated, remote attacker who persuades a user to follow a malicious link could access sensitive, browser-based information. Users should update their Cisco Firewall Software to the latest version to fix this issue.
Original title
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote att...
Original description
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.
This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.
NVD CVSS 3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026