CVE-2026-20007

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Threat Defense (FTD) Software versions (affected versions not specified) Snort versions 2 and 3 (affected versions not specified)

Description A flaw exists in the deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software using Snort 2 and Snort 3. This issue could allow a remote, unauthenticated attacker to circumvent established Snort rules, potentially permitting unauthorized traffic onto the network. The root cause is a logic error in how Snort Engine rules interact with Cisco Secure FTD Software during deep packet inspection, where different rules may be triggered for inner and outer connections. An attacker could exploit this by sending specifically crafted traffic, potentially bypassing network security measures.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.