CVE-2026-20152

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Secure Web Appliance (affected versions not specified)

Description An issue in the authentication service feature allows an unauthenticated remote attacker to bypass authentication policy requirements. This is caused by improper validation of user-supplied authentication input in HTTP requests. By sending specific authentication requests, an attacker can bypass policy enforcement, enabling the transmission of HTTP requests that should otherwise be restricted by the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.