CVE-2026-20056

Name of the Vulnerable Software and Affected Versions Cisco AsyncOS Software for Cisco Secure Web Appliance (affected versions not specified)

Description A flaw in the Dynamic Vectoring and Streaming (DVS) Engine implementation may allow a remote, unauthenticated attacker to circumvent the anti-malware scanner. This bypass enables the download of malicious archive files. The issue stems from improper handling of specific archive files. An attacker could exploit this by transmitting a specially crafted archive file through an affected device. Successful exploitation could result in the attacker bypassing the anti-malware scanner and downloading malware to an end user's workstation. The malware will not execute automatically unless the user extracts and runs the malicious file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.