CVE-2026-20031

EUVD-2026-9433
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ciscoCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ciscosecure_endpoint
7.0.5
CNA
ciscosecure_endpoint
6.2.19
CNA
ciscosecure_endpoint
7.3.3
CNA
ciscosecure_endpoint
7.2.13
CNA
ciscosecure_endpoint
6.1.5
CNA
ciscosecure_endpoint
6.3.1
CNA
ciscosecure_endpoint
6.2.5
CNA
ciscosecure_endpoint
7.3.5
CNA
ciscosecure_endpoint
6.2.1
CNA
ciscosecure_endpoint
7.2.7
CNA
ciscosecure_endpoint
7.1.1
CNA
ciscosecure_endpoint
6.3.5
CNA
ciscosecure_endpoint
6.2.9
CNA
ciscosecure_endpoint
7.3.1
CNA
ciscosecure_endpoint
6.1.7
CNA
ciscosecure_endpoint
7.2.11
CNA
ciscosecure_endpoint
7.2.3
CNA
ciscosecure_endpoint
7.1.5
CNA
ciscosecure_endpoint
6.3.3
CNA
ciscosecure_endpoint
7.3.9
CNA
ciscosecure_endpoint
6.2.3
CNA
ciscosecure_endpoint
6.1.9
CNA
ciscosecure_endpoint
6.0.9
CNA
ciscosecure_endpoint
7.2.5
CNA
ciscosecure_endpoint
6.0.7
CNA
ciscosecure_endpoint
6.3.7
CNA
ciscosecure_endpoint
1.12.3
CNA
ciscosecure_endpoint
1.8.0
CNA
ciscosecure_endpoint
1.11.1
CNA
ciscosecure_endpoint
1.12.4
CNA
ciscosecure_endpoint
1.10.0
CNA
ciscosecure_endpoint
1.12.0
CNA
ciscosecure_endpoint
1.8.1
CNA
ciscosecure_endpoint
1.10.1
CNA
ciscosecure_endpoint
1.12.1
CNA
ciscosecure_endpoint
1.12.6
CNA
ciscosecure_endpoint
1.14.0
CNA
ciscosecure_endpoint
1.10.2
CNA
ciscosecure_endpoint
1.12.7
CNA
ciscosecure_endpoint
1.12.2
CNA
ciscosecure_endpoint
1.6.0
CNA
ciscosecure_endpoint
1.9.0
CNA
ciscosecure_endpoint
1.11.0
CNA
ciscosecure_endpoint
1.7.0
CNA
ciscosecure_endpoint
1.13.0
CNA
ciscosecure_endpoint
1.8.4
CNA
ciscosecure_endpoint
1.13.1
CNA
ciscosecure_endpoint
1.9.1
CNA
ciscosecure_endpoint
1.12.5
CNA
ciscosecure_endpoint
1.13.2
CNA
ciscosecure_endpoint
2.0.2
CNA
ciscosecure_endpoint
1.1.0
CNA
ciscosecure_endpoint
2.0.0
CNA
ciscosecure_endpoint
2.0.1
CNA
ciscosecure_endpoint
8.1.7.21512
CNA
ciscosecure_endpoint
8.1.7
CNA
ciscosecure_endpoint
8.1.5
CNA
ciscosecure_endpoint
8.1.3.21242
CNA
ciscosecure_endpoint
8.1.3
CNA
ciscosecure_endpoint
8.1.5.21322
CNA
ciscosecure_endpoint
8.1.7.21417
CNA
ciscosecure_endpoint
2.1.0.14
CNA
ciscosecure_endpoint
2.2.0
CNA
ciscosecure_endpoint
2.3.0
CNA
ciscosecure_endpoint
2.4.0
CNA
ciscosecure_endpoint
2.5.0
CNA
ciscosecure_endpoint
2.6.0
CNA
ciscosecure_endpoint
2.7.0
CNA
ciscosecure_endpoint
2.8.0
CNA
ciscosecure_endpoint
2.9.0
CNA
ciscosecure_endpoint
2.10.0
CNA
ciscosecure_endpoint
2.10.1
CNA
ciscosecure_endpoint
2.11.0
CNA
ciscosecure_endpoint
1.14.1
CNA
ciscosecure_endpoint
1.15.1
CNA
ciscosecure_endpoint
1.15.2
CNA
ciscosecure_endpoint
1.15.3
CNA
ciscosecure_endpoint
1.15.4
CNA
ciscosecure_endpoint
1.15.5
CNA
ciscosecure_endpoint
1.15.6
CNA
ciscosecure_endpoint
1.16.0
CNA
ciscosecure_endpoint
1.16.1
CNA
ciscosecure_endpoint
1.16.2
CNA
ciscosecure_endpoint
1.16.3
CNA
ciscosecure_endpoint
1.18.0
CNA
ciscosecure_endpoint
1.18.1
CNA
ciscosecure_endpoint
1.20.0
CNA
ciscosecure_endpoint
1.21.0
CNA
ciscosecure_endpoint
1.21.1
CNA
ciscosecure_endpoint
1.21.2
CNA
ciscosecure_endpoint
1.21.3
CNA
ciscosecure_endpoint
1.22.0
CNA
ciscosecure_endpoint
1.22.1
CNA
ciscosecure_endpoint
1.22.2
CNA
ciscosecure_endpoint
1.22.3
CNA
ciscosecure_endpoint
1.22.4
CNA
ciscosecure_endpoint
1.24.0
CNA
ciscosecure_endpoint
1.24.1
CNA
ciscosecure_endpoint
1.24.2
CNA
ciscosecure_endpoint
1.24.3
CNA
ciscosecure_endpoint
1.24.4
CNA
ciscosecure_endpoint
1.26.0
CNA
ciscosecure_endpoint
1.24.5
CNA
ciscosecure_endpoint
1.26.1
CNA
ciscosecure_endpoint
1.27.0
CNA
ciscosecure_endpoint
1.15.0
CNA
ciscosecure_endpoint
1.17.0
CNA
ciscosecure_endpoint
1.17.1
CNA
ciscosecure_endpoint
1.17.2
CNA
ciscosecure_endpoint
1.19.0
CNA
ciscosecure_endpoint
1.20.1
CNA
ciscosecure_endpoint
1.20.2
CNA
ciscosecure_endpoint
1.20.3
CNA
ciscosecure_endpoint
1.20.4
CNA
ciscosecure_endpoint
1.20.5
CNA
ciscosecure_endpoint
1.20.6
CNA
ciscosecure_endpoint
1.23.0
CNA
ciscosecure_endpoint
1.23.1
CNA
ciscosecure_endpoint
1.20.7
CNA
ciscosecure_endpoint
1.20.8
CNA
ciscosecure_endpoint
1.25.0
CNA
ciscosecure_endpoint
1.25.1
CNA
ciscosecure_endpoint
1.25.2
CNA
ciscosecure_endpoint
1.27.1
CNA
ciscosecure_endpoint
1.27.2
CNA
ciscosecure_endpoint
7.3.13
CNA
ciscosecure_endpoint
7.3.15
CNA
ciscosecure_endpoint
7.4.1
CNA
ciscosecure_endpoint
7.4.1.20425
CNA
ciscosecure_endpoint
7.4.1.20439
CNA
ciscosecure_endpoint
7.4.3
CNA
ciscosecure_endpoint
7.4.3.20679
CNA
ciscosecure_endpoint
7.4.5
CNA
ciscosecure_endpoint
7.5.1.20813
CNA
ciscosecure_endpoint
7.5.1.20833
CNA
ciscosecure_endpoint
7.5.3
CNA
ciscosecure_endpoint
7.5.5
CNA
ciscosecure_endpoint
8.0.1.21160
CNA
ciscosecure_endpoint
8.0.1.21164
CNA
ciscosecure_endpoint
7.5.7
CNA
ciscosecure_endpoint
7.5.9
CNA
ciscosecure_endpoint
7.5.11
CNA
ciscosecure_endpoint
8.1.7.21585
CNA
ciscosecure_endpoint
7.5.13.21586
CNA
ciscosecure_endpoint
7.5.13.21598
CNA
ciscosecure_endpoint
8.2.1.21612
CNA
ciscosecure_endpoint
8.2.1.21650
CNA
ciscosecure_endpoint
7.5.15.21611
CNA
ciscosecure_endpoint
7.5.17.21680
CNA
ciscosecure_endpoint
8.2.3.30119
CNA
ciscosecure_endpoint
8.2.4.30130
CNA
ciscosecure_endpoint
8.4.0
CNA
ciscosecure_endpoint
7.5.19
CNA
ciscosecure_endpoint
8.4.1.30298
CNA
ciscosecure_endpoint
8.4.2.30317
CNA
ciscosecure_endpoint
8.4.1.30307
CNA
ciscosecure_endpoint
7.5.20
CNA
ciscosecure_endpoint
8.4.3
CNA
ciscosecure_endpoint
8.4.4.30419
CNA
ciscosecure_endpoint
8.4.4.30467
CNA
ciscosecure_endpoint
7.5.21.21732
CNA
ciscosecure_endpoint
8.4.5.30483
CNA
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ