Cisco Secure Web Appliance TBD Bypass Vulnerability_CVE-2026-20056

4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Description

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded.

This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file.

Basic Information

ID CVE-2026-20056

Source cisco

Published Feb 4, 2026 at 16:11

Modified Feb 4, 2026 at 16:40

Affected Product

Vendor Cisco

Product Cisco Secure Web Appliance

Version 11.8.0-453

Affected Versions Cisco Cisco Secure Web Appliance 11.8.0-453
Cisco Cisco Secure Web Appliance 12.5.3-002
Cisco Cisco Secure Web Appliance 12.0.3-007
Cisco Cisco Secure Web Appliance 12.0.3-005
Cisco Cisco Secure Web Appliance 14.1.0-032
Cisco Cisco Secure Web Appliance 14.1.0-047
Cisco Cisco Secure Web Appliance 14.1.0-041
Cisco Cisco Secure Web Appliance 12.0.4-002
Cisco Cisco Secure Web Appliance 14.0.2-012
Cisco Cisco Secure Web Appliance 11.8.0-414
Cisco Cisco Secure Web Appliance 12.0.1-268
Cisco Cisco Secure Web Appliance 11.8.1-023
Cisco Cisco Secure Web Appliance 11.8.3-021
Cisco Cisco Secure Web Appliance 11.8.3-018
Cisco Cisco Secure Web Appliance 12.5.1-011
Cisco Cisco Secure Web Appliance 11.8.4-004
Cisco Cisco Secure Web Appliance 12.5.2-007
Cisco Cisco Secure Web Appliance 12.5.2-011
Cisco Cisco Secure Web Appliance 14.5.0-498
Cisco Cisco Secure Web Appliance 12.5.4-005
Cisco Cisco Secure Web Appliance 12.5.4-011
Cisco Cisco Secure Web Appliance 12.0.5-011
Cisco Cisco Secure Web Appliance 14.0.3-014
Cisco Cisco Secure Web Appliance 12.5.5-004
Cisco Cisco Secure Web Appliance 12.5.5-005
Cisco Cisco Secure Web Appliance 12.5.5-008
Cisco Cisco Secure Web Appliance 14.0.4-005
Cisco Cisco Secure Web Appliance 14.5.1-008
Cisco Cisco Secure Web Appliance 14.5.1-016
Cisco Cisco Secure Web Appliance 15.0.0-355
Cisco Cisco Secure Web Appliance 15.0.0-322
Cisco Cisco Secure Web Appliance 12.5.6-008
Cisco Cisco Secure Web Appliance 15.1.0-287
Cisco Cisco Secure Web Appliance 14.5.2-011
Cisco Cisco Secure Web Appliance 15.2.0-116
Cisco Cisco Secure Web Appliance 14.0.5-007
Cisco Cisco Secure Web Appliance 15.2.0-164
Cisco Cisco Secure Web Appliance 14.5.1-510
Cisco Cisco Secure Web Appliance 12.0.2-012
Cisco Cisco Secure Web Appliance 12.0.2-004
Cisco Cisco Secure Web Appliance 14.5.1-607
Cisco Cisco Secure Web Appliance 14.5.3-033
Cisco Cisco Secure Web Appliance 15.0.1-004
Cisco Cisco Secure Web Appliance 15.2.1-011
Cisco Cisco Secure Web Appliance 14.5.0-673
Cisco Cisco Secure Web Appliance 14.5.0-537
Cisco Cisco Secure Web Appliance 12.0.1-334
Cisco Cisco Secure Web Appliance 14.0.1-503
Cisco Cisco Secure Web Appliance 14.0.1-053
Cisco Cisco Secure Web Appliance 11.8.0-429
Cisco Cisco Secure Web Appliance 14.0.1-040
Cisco Cisco Secure Web Appliance 14.0.1-014
Cisco Cisco Secure Web Appliance 12.5.1-043
Cisco Cisco Secure Web Appliance 15.2.2-009
Cisco Cisco Secure Web Appliance 15.5.0-566
Cisco Cisco Secure Web Appliance 15.2.3-007
Cisco Cisco Secure Web Appliance 15.5.0-574
Cisco Cisco Secure Web Appliance 15.5.0-710
Cisco Cisco Secure Web Appliance 15.2.4-022
Cisco Cisco Secure Web Appliance 15.5.1-002

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF

{
    "lastseen": "",
    "description": "A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded.\r\n\r\nThis vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file. ",
    "published": "2026-02-04T16:11:48.273Z",
    "modified": "2026-02-04T16:40:11.391Z",
    "type": "cve",
    "title": "Cisco Secure Web Appliance TBD  Bypass Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF",
    "id": "CVE-2026-20056",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Secure Web Appliance 11.8.0-453\nCisco Cisco Secure Web Appliance 12.5.3-002\nCisco Cisco Secure Web Appliance 12.0.3-007\nCisco Cisco Secure Web Appliance 12.0.3-005\nCisco Cisco Secure Web Appliance 14.1.0-032\nCisco Cisco Secure Web Appliance 14.1.0-047\nCisco Cisco Secure Web Appliance 14.1.0-041\nCisco Cisco Secure Web Appliance 12.0.4-002\nCisco Cisco Secure Web Appliance 14.0.2-012\nCisco Cisco Secure Web Appliance 11.8.0-414\nCisco Cisco Secure Web Appliance 12.0.1-268\nCisco Cisco Secure Web Appliance 11.8.1-023\nCisco Cisco Secure Web Appliance 11.8.3-021\nCisco Cisco Secure Web Appliance 11.8.3-018\nCisco Cisco Secure Web Appliance 12.5.1-011\nCisco Cisco Secure Web Appliance 11.8.4-004\nCisco Cisco Secure Web Appliance 12.5.2-007\nCisco Cisco Secure Web Appliance 12.5.2-011\nCisco Cisco Secure Web Appliance 14.5.0-498\nCisco Cisco Secure Web Appliance 12.5.4-005\nCisco Cisco Secure Web Appliance 12.5.4-011\nCisco Cisco Secure Web Appliance 12.0.5-011\nCisco Cisco Secure Web Appliance 14.0.3-014\nCisco Cisco Secure Web Appliance 12.5.5-004\nCisco Cisco Secure Web Appliance 12.5.5-005\nCisco Cisco Secure Web Appliance 12.5.5-008\nCisco Cisco Secure Web Appliance 14.0.4-005\nCisco Cisco Secure Web Appliance 14.5.1-008\nCisco Cisco Secure Web Appliance 14.5.1-016\nCisco Cisco Secure Web Appliance 15.0.0-355\nCisco Cisco Secure Web Appliance 15.0.0-322\nCisco Cisco Secure Web Appliance 12.5.6-008\nCisco Cisco Secure Web Appliance 15.1.0-287\nCisco Cisco Secure Web Appliance 14.5.2-011\nCisco Cisco Secure Web Appliance 15.2.0-116\nCisco Cisco Secure Web Appliance 14.0.5-007\nCisco Cisco Secure Web Appliance 15.2.0-164\nCisco Cisco Secure Web Appliance 14.5.1-510\nCisco Cisco Secure Web Appliance 12.0.2-012\nCisco Cisco Secure Web Appliance 12.0.2-004\nCisco Cisco Secure Web Appliance 14.5.1-607\nCisco Cisco Secure Web Appliance 14.5.3-033\nCisco Cisco Secure Web Appliance 15.0.1-004\nCisco Cisco Secure Web Appliance 15.2.1-011\nCisco Cisco Secure Web Appliance 14.5.0-673\nCisco Cisco Secure Web Appliance 14.5.0-537\nCisco Cisco Secure Web Appliance 12.0.1-334\nCisco Cisco Secure Web Appliance 14.0.1-503\nCisco Cisco Secure Web Appliance 14.0.1-053\nCisco Cisco Secure Web Appliance 11.8.0-429\nCisco Cisco Secure Web Appliance 14.0.1-040\nCisco Cisco Secure Web Appliance 14.0.1-014\nCisco Cisco Secure Web Appliance 12.5.1-043\nCisco Cisco Secure Web Appliance 15.2.2-009\nCisco Cisco Secure Web Appliance 15.5.0-566\nCisco Cisco Secure Web Appliance 15.2.3-007\nCisco Cisco Secure Web Appliance 15.5.0-574\nCisco Cisco Secure Web Appliance 15.5.0-710\nCisco Cisco Secure Web Appliance 15.2.4-022\nCisco Cisco Secure Web Appliance 15.5.1-002",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Secure Web Appliance",
    "version": "11.8.0-453",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply