Authentication Bypass Vulnerability in Cisco Secure Web Appliance
CVE-2026-20152
What is CVE-2026-20152?
The authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance contains a vulnerability that may allow an unauthenticated, remote attacker to bypass authentication policy requirements. The flaw arises from improper validation of user-supplied authentication input within HTTP requests. An attacker could exploit it by sending specially crafted HTTP requests, circumventing the policy enforcement mechanisms designed to restrict access. While there is no immediate impact on the Cisco Secure Web Appliance itself, successful exploitation could permit requests that should otherwise remain restricted.
Affected Version(s)
Cisco Secure Web Appliance 11.8.0-453
Cisco Secure Web Appliance 12.5.3-002
Cisco Secure Web Appliance 12.0.3-007