CVE-2026-20050
Memory Corruption in Cisco FTD TLS 1.2 Causes DoS
Publication date: 2026-03-04
Last updated on: 2026-04-16
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | firepower_threat_defense_software | From 7.1.0 (inc) to 7.2.11 (exc) |
| cisco | firepower_threat_defense_software | From 7.6.0 (inc) to 7.6.4 (exc) |
| cisco | firepower_threat_defense_software | From 7.7.0 (inc) to 7.7.11 (exc) |
| cisco | firepower_threat_defense_software | From 7.3.0 (inc) to 7.4.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-20050 is a medium-severity denial of service (DoS) vulnerability in Cisco Secure Firewall Threat Defense (FTD) Software, specifically in the "Do Not Decrypt" exclusion feature within the SSL decryption policy.'}, {'type': 'paragraph', 'content': 'The vulnerability is caused by improper memory management during the inspection of TLS 1.2 encrypted traffic. An unauthenticated, remote attacker can exploit this by sending specially crafted TLS 1.2 encrypted traffic through a vulnerable device.'}, {'type': 'paragraph', 'content': 'A successful exploit causes the affected device to reload, resulting in a denial of service condition. This issue only affects TLS 1.2 traffic; other TLS versions are not impacted.'}] [1]
How can this vulnerability impact me? :
This vulnerability can impact you by causing a denial of service (DoS) condition on affected Cisco Secure Firewall Threat Defense devices.
An attacker can remotely and without authentication send specially crafted TLS 1.2 encrypted traffic that triggers improper memory management, causing the device to reload.
This reload disrupts normal firewall operations, potentially leading to network downtime and loss of availability for services protected by the device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability affects Cisco Secure Firewall Threat Defense (FTD) Software devices that have a "Do Not Decrypt" exclusion configured in their SSL decryption policy and inspect TLS 1.2 encrypted traffic.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you should verify your SSL decryption policy configuration to check if the "Do Not Decrypt" exclusion feature is enabled.'}, {'type': 'paragraph', 'content': 'Cisco recommends consulting the SSL Decryption chapter in the Firepower Device Manager Configuration Guide or the Decryption Policies chapter in the Firewall Management Center Configuration Guide for configuration verification.'}, {'type': 'paragraph', 'content': 'Additionally, you can use the Cisco Software Checker tool to identify if your software version is affected and to find the earliest fixed releases.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds available for this vulnerability.
The immediate and recommended mitigation step is to upgrade your Cisco Secure Firewall Threat Defense (FTD) Software to the fixed software versions released by Cisco.
Upgrading to these fixed versions will fully address the vulnerability and prevent potential denial of service conditions caused by crafted TLS 1.2 traffic.