CVE-2026-20039

Received Received - Intake

Memory Management DoS in Cisco ASA and FTD VPN Web Server

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-04

Last Modified

2026-04-16

Generated

2026-06-16

AI Q&A

2026-03-04

EPSS Evaluated

2026-06-15

NVD

CVE-2026-20039

EUVD

EUVD-2026-9434

Affected Vendors & Products

Vendor	Product	Version / Range
cisco	adaptive_security_appliance_software	From 9.17.1 (inc) to 9.18.4.57 (exc)
cisco	adaptive_security_appliance_software	From 9.22.1.1 (inc) to 9.22.2.4 (exc)
cisco	adaptive_security_appliance_software	From 9.23.1 (inc) to 9.23.1.3 (exc)
cisco	adaptive_security_appliance_software	From 9.12.1 (inc) to 9.16.4.84 (exc)
cisco	adaptive_security_appliance_software	From 9.19.1 (inc) to 9.20.3.16 (exc)
cisco	firepower_threat_defense_software	From 6.4.0 (inc) to 7.0.9 (exc)
cisco	firepower_threat_defense_software	From 7.3.0 (inc) to 7.4.3 (exc)
cisco	firepower_threat_defense_software	From 7.7.0 (inc) to 7.7.10 (exc)
cisco	firepower_threat_defense_software	From 7.1.0 (inc) to 7.2.10 (exc)
cisco	firepower_threat_defense_software	From 7.6.0 (inc) to 7.6.1 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-244	Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

Attack-Flow Graph

Executive Summary

This vulnerability exists in the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.

It is caused by ineffective memory management in the VPN web server, which can be exploited by an unauthenticated, remote attacker.

The attacker can send a large number of specially crafted HTTP requests to the affected device, which may cause the device to reload unexpectedly.

This results in a denial of service (DoS) condition, making the device temporarily unavailable.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition on the affected device.

An attacker exploiting this vulnerability can cause the device to reload, disrupting normal operations and potentially causing network downtime.

This can affect availability of VPN services and network security functions provided by the Cisco Secure Firewall devices.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-20039. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-20039

Memory Management DoS in Cisco ASA and FTD VPN Web Server

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart