CVE-2020-8260

CVE-2020-8260

Vendor N/A
Product Pulse Connect Secure / Pulse Policy Secure
Weakness CWE-434 · Unrestricted file upload
KEV Status Known Exploited
Published October 28, 2020
Last update October 21, 2025

CVSS base score

What the vulnerability does

01Description

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

October 28, 2020 CVE published
October 21, 2025 Record updated

Related vulnerabilities

05Related CVE