Anti-Malware Bypass Vulnerability in Cisco Secure Web Appliance
CVE-2026-20056

4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Web Appliance
Vendor: CVE Published:; 4 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-20056?

A vulnerability exists in the Dynamic Vectoring and Streaming (DVS) Engine of Cisco AsyncOS Software for Cisco Secure Web Appliance. This security flaw could be exploited by an unauthorized, remote attacker to bypass the system's anti-malware scanner, thereby enabling the download of potentially malicious archive files. The exploitation is facilitated through the improper handling of specific archive files that should ideally be restricted. Although the malware could be downloaded onto an end user workstation, it will not execute automatically unless the end user extracts and runs the malicious file.

Affected Version(s)

Cisco Secure Web Appliance 11.8.0-453

Cisco Secure Web Appliance 12.5.3-002

Cisco Secure Web Appliance 12.0.3-007

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 4, 2026
Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20056 Data

JSON