CVE-2026-20053

Name: CVE-2026-20053
Creator: NVD / NIST
Published: 2026-03-04T18:16:19.607+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.8/10EPSS 0.41%

Last modified Jun 17, 2026

This CVE is reserved or awaiting analysis. Details will appear once published by NVD.

Description

Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.

Metrics

CVSS 3.1

5.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

EPSS Probability

0.41%

33.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-122

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3-vbavuls-96UcVVed

Timeline

Published: Mar 4, 2026
Last Modified: Jun 17, 2026
Status: Awaiting Analysis

Are you affected by CVE-2026-20053?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST