CVE-2026-20056 MEDIUM

CVE-2026-20056: Cisco Secure Web Appliance TBD Bypass Vulnerability

Vendor Cisco
Product Cisco Secure Web Appliance
Weakness CWE-494 · Download without integrity check
Published February 4, 2026
Last update February 4, 2026

CVSS base score

4.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file. 

Key dates

02Disclosure timeline

February 4, 2026 CVE published
February 4, 2026 Record updated