CVE-2026-20070

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified)

Description A flaw exists in the VPN web services component that may allow a remote attacker to perform a cross-site scripting (XSS) attack against a user's browser. This is caused by insufficient validation of input received in HTTP requests. An attacker could trick a user into visiting a malicious website that sends harmful input to the application, potentially enabling the execution of arbitrary HTML or script code within the browser in the context of the VPN web server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.