Remote Access SSL VPN Vulnerability in Cisco Secure Firewall Products
CVE-2026-20103

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Firewall Adaptive Security Appliance (asa) Software; Cisco Secure Firewall Threat Defense (ftd) Software
Vendor: CVE Published:; 4 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20103?

A vulnerability affecting the Remote Access SSL VPN functionality in Cisco's Secure Firewall ASA and FTD Software could enable an unauthenticated remote attacker to exploit device memory leading to a denial of service condition. This issue arises from insufficient validation of user inputs, allowing attackers to send specially crafted packets to the Remote Access SSL VPN server. Successful exploitation could result in the unavailability of VPN connections, causing interruptions while potentially leaving the management interface temporarily unresponsive.

Affected Version(s)

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.48

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.50

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.52

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2026
Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20103 Data

JSON