CVE-2026-20031 - Vulnerability Details - OpenCVE

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ

History

Wed, 04 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
Title		ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability
Weaknesses		CWE-248
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-03-04T17:17:33.372Z

Updated: 2026-03-04T17:44:55.869Z

Reserved: 2025-10-08T11:59:15.353Z

Link: CVE-2026-20031

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-04T18:16:16.773

Modified: 2026-03-04T18:16:16.773

Link: CVE-2026-20031

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20031", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.353Z", "datePublished": "2026-03-04T17:17:33.372Z", "dateUpdated": "2026-03-04T17:44:55.869Z"}, "containers": {"cna": {"title": "ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ", "name": "cisco-sa-clamav-css-Fn4QSZ"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-clamav-css-Fn4QSZ", "discovery": "EXTERNAL", "defects": ["CSCwq32780"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Uncaught Exception", "type": "cwe", "cweId": "CWE-248"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Endpoint", "versions": [{"version": "7.0.5", "status": "affected"}, {"version": "6.2.19", "status": "affected"}, {"version": "7.3.3", "status": "affected"}, {"version": "7.2.13", "status": "affected"}, {"version": "6.1.5", "status": "affected"}, {"version": "6.3.1", "status": "affected"}, {"version": "6.2.5", "status": "affected"}, {"version": "7.3.5", "status": "affected"}, {"version": "6.2.1", "status": "affected"}, {"version": "7.2.7", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "6.3.5", "status": "affected"}, {"version": "6.2.9", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "6.1.7", "status": "affected"}, {"version": "7.2.11", "status": "affected"}, {"version": "7.2.3", "status": "affected"}, {"version": "7.1.5", "status": "affected"}, {"version": "6.3.3", "status": "affected"}, {"version": "7.3.9", "status": "affected"}, {"version": "6.2.3", "status": "affected"}, {"version": "6.1.9", "status": "affected"}, {"version": "6.0.9", "status": "affected"}, {"version": "7.2.5", "status": "affected"}, {"version": "6.0.7", "status": "affected"}, {"version": "6.3.7", "status": "affected"}, {"version": "1.12.3", "status": "affected"}, {"version": "1.8.0", "status": "affected"}, {"version": "1.11.1", "status": "affected"}, {"version": "1.12.4", "status": "affected"}, {"version": "1.10.0", "status": "affected"}, {"version": "1.12.0", "status": "affected"}, {"version": "1.8.1", "status": "affected"}, {"version": "1.10.1", "status": "affected"}, {"version": "1.12.1", "status": "affected"}, {"version": "1.12.6", "status": "affected"}, {"version": "1.14.0", "status": "affected"}, {"version": "1.10.2", "status": "affected"}, {"version": "1.12.7", "status": "affected"}, {"version": "1.12.2", "status": "affected"}, {"version": "1.6.0", "status": "affected"}, {"version": "1.9.0", "status": "affected"}, {"version": "1.11.0", "status": "affected"}, {"version": "1.7.0", "status": "affected"}, {"version": "1.13.0", "status": "affected"}, {"version": "1.8.4", "status": "affected"}, {"version": "1.13.1", "status": "affected"}, {"version": "1.9.1", "status": "affected"}, {"version": "1.12.5", "status": "affected"}, {"version": "1.13.2", "status": "affected"}, {"version": "2.0.2", "status": "affected"}, {"version": "1.1.0", "status": "affected"}, {"version": "2.0.0", "status": "affected"}, {"version": "2.0.1", "status": "affected"}, {"version": "8.1.7.21512", "status": "affected"}, {"version": "8.1.7", "status": "affected"}, {"version": "8.1.5", "status": "affected"}, {"version": "8.1.3.21242", "status": "affected"}, {"version": "8.1.3", "status": "affected"}, {"version": "8.1.5.21322", "status": "affected"}, {"version": "8.1.7.21417", "status": "affected"}, {"version": "2.1.0.14", "status": "affected"}, {"version": "2.2.0", "status": "affected"}, {"version": "2.3.0", "status": "affected"}, {"version": "2.4.0", "status": "affected"}, {"version": "2.5.0", "status": "affected"}, {"version": "2.6.0", "status": "affected"}, {"version": "2.7.0", "status": "affected"}, {"version": "2.8.0", "status": "affected"}, {"version": "2.9.0", "status": "affected"}, {"version": "2.10.0", "status": "affected"}, {"version": "2.10.1", "status": "affected"}, {"version": "2.11.0", "status": "affected"}, {"version": "1.14.1", "status": "affected"}, {"version": "1.15.1", "status": "affected"}, {"version": "1.15.2", "status": "affected"}, {"version": "1.15.3", "status": "affected"}, {"version": "1.15.4", "status": "affected"}, {"version": "1.15.5", "status": "affected"}, {"version": "1.15.6", "status": "affected"}, {"version": "1.16.0", "status": "affected"}, {"version": "1.16.1", "status": "affected"}, {"version": "1.16.2", "status": "affected"}, {"version": "1.16.3", "status": "affected"}, {"version": "1.18.0", "status": "affected"}, {"version": "1.18.1", "status": "affected"}, {"version": "1.20.0", "status": "affected"}, {"version": "1.21.0", "status": "affected"}, {"version": "1.21.1", "status": "affected"}, {"version": "1.21.2", "status": "affected"}, {"version": "1.21.3", "status": "affected"}, {"version": "1.22.0", "status": "affected"}, {"version": "1.22.1", "status": "affected"}, {"version": "1.22.2", "status": "affected"}, {"version": "1.22.3", "status": "affected"}, {"version": "1.22.4", "status": "affected"}, {"version": "1.24.0", "status": "affected"}, {"version": "1.24.1", "status": "affected"}, {"version": "1.24.2", "status": "affected"}, {"version": "1.24.3", "status": "affected"}, {"version": "1.24.4", "status": "affected"}, {"version": "1.26.0", "status": "affected"}, {"version": "1.24.5", "status": "affected"}, {"version": "1.26.1", "status": "affected"}, {"version": "1.27.0", "status": "affected"}, {"version": "1.15.0", "status": "affected"}, {"version": "1.17.0", "status": "affected"}, {"version": "1.17.1", "status": "affected"}, {"version": "1.17.2", "status": "affected"}, {"version": "1.19.0", "status": "affected"}, {"version": "1.20.1", "status": "affected"}, {"version": "1.20.2", "status": "affected"}, {"version": "1.20.3", "status": "affected"}, {"version": "1.20.4", "status": "affected"}, {"version": "1.20.5", "status": "affected"}, {"version": "1.20.6", "status": "affected"}, {"version": "1.23.0", "status": "affected"}, {"version": "1.23.1", "status": "affected"}, {"version": "1.20.7", "status": "affected"}, {"version": "1.20.8", "status": "affected"}, {"version": "1.25.0", "status": "affected"}, {"version": "1.25.1", "status": "affected"}, {"version": "1.25.2", "status": "affected"}, {"version": "1.27.1", "status": "affected"}, {"version": "1.27.2", "status": "affected"}, {"version": "7.3.13", "status": "affected"}, {"version": "7.3.15", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.4.1.20425", "status": "affected"}, {"version": "7.4.1.20439", "status": "affected"}, {"version": "7.4.3", "status": "affected"}, {"version": "7.4.3.20679", "status": "affected"}, {"version": "7.4.5", "status": "affected"}, {"version": "7.5.1.20813", "status": "affected"}, {"version": "7.5.1.20833", "status": "affected"}, {"version": "7.5.3", "status": "affected"}, {"version": "7.5.5", "status": "affected"}, {"version": "8.0.1.21160", "status": "affected"}, {"version": "8.0.1.21164", "status": "affected"}, {"version": "7.5.7", "status": "affected"}, {"version": "7.5.9", "status": "affected"}, {"version": "7.5.11", "status": "affected"}, {"version": "8.1.7.21585", "status": "affected"}, {"version": "7.5.13.21586", "status": "affected"}, {"version": "7.5.13.21598", "status": "affected"}, {"version": "8.2.1.21612", "status": "affected"}, {"version": "8.2.1.21650", "status": "affected"}, {"version": "7.5.15.21611", "status": "affected"}, {"version": "7.5.17.21680", "status": "affected"}, {"version": "8.2.3.30119", "status": "affected"}, {"version": "8.2.4.30130", "status": "affected"}, {"version": "8.4.0", "status": "affected"}, {"version": "7.5.19", "status": "affected"}, {"version": "8.4.1.30298", "status": "affected"}, {"version": "8.4.2.30317", "status": "affected"}, {"version": "8.4.1.30307", "status": "affected"}, {"version": "7.5.20", "status": "affected"}, {"version": "8.4.3", "status": "affected"}, {"version": "8.4.4.30419", "status": "affected"}, {"version": "8.4.4.30467", "status": "affected"}, {"version": "7.5.21.21732", "status": "affected"}, {"version": "8.4.5.30483", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-04T17:44:55.869Z"}}}}