PT-2026-22974 · Cisco+2 · Clamav+2
Published 2026-03-04 · Updated 2026-04-28 · CVE-2026-20031
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
ClamAV versions prior to 1.5.2
ClamAV versions prior to 1.4.4
Description
A flaw exists in the HTML Cascading Style Sheets (CSS) module of ClamAV that could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. This issue stems from improper error handling when splitting UTF-8 strings. An attacker can exploit this by submitting a specially crafted HTML file to ClamAV for scanning, potentially terminating the scanning process.
Recommendations
Update ClamAV to version 1.5.2 or later.
Update ClamAV to version 1.4.4 or later.
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Clamav
Linuxmint
Ubuntu