CVE-2026-20056

MEDIUM

Cisco Secure Web Appliance - Unauthenticated Malware Archive Bypass via Dynamic Vectoring and Streaming Engine

Title source: llm

Description

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file. 

References (1)

Core 1

Core References

Various Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF

Scores

CVSS v3 4.0

EPSS 0.0014

EPSS Percentile 3.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-494

Status published

Products (50)

Cisco/Cisco Secure Web Appliance 11.8.0-414

Cisco/Cisco Secure Web Appliance 11.8.0-429

Cisco/Cisco Secure Web Appliance 11.8.0-453

Cisco/Cisco Secure Web Appliance 11.8.1-023

Cisco/Cisco Secure Web Appliance 11.8.3-018

Cisco/Cisco Secure Web Appliance 11.8.3-021

Cisco/Cisco Secure Web Appliance 11.8.4-004

Cisco/Cisco Secure Web Appliance 12.0.1-268

Cisco/Cisco Secure Web Appliance 12.0.1-334

Cisco/Cisco Secure Web Appliance 12.0.2-004

... and 40 more

Published Feb 04, 2026

Tracked Since Feb 18, 2026