CVE-2026-20070
Cross-Site Scripting in Cisco ASA and FTD VPN Web Services

Publication date: 2026-03-04

Last updated on: 2026-05-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious website that is designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the VPN web server.
Meta Information
Published: 2026-03-04
Last Modified: 2026-05-04
Generated: 2026-05-07
AI Q&A: 2026-03-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 236 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software 9.16.1
cisco adaptive_security_appliance_software 9.12.2
cisco adaptive_security_appliance_software 9.12.2.5
cisco adaptive_security_appliance_software 9.12.4.4
cisco adaptive_security_appliance_software 9.12.3.2
cisco adaptive_security_appliance_software 9.12.3.7
cisco adaptive_security_appliance_software 9.12.4
cisco adaptive_security_appliance_software 9.12.3.12
cisco adaptive_security_appliance_software 9.12.4.37
cisco adaptive_security_appliance_software 9.12.4.38
cisco adaptive_security_appliance_software 9.12.4.39
cisco adaptive_security_appliance_software 9.17.1
cisco adaptive_security_appliance_software 9.12.3
cisco adaptive_security_appliance_software 9.12.3.9
cisco adaptive_security_appliance_software 9.12.4.26
cisco adaptive_security_appliance_software 9.12.4.30
cisco adaptive_security_appliance_software 9.16.1.28
cisco adaptive_security_appliance_software 9.17.1.7
cisco adaptive_security_appliance_software 9.16.3.14
cisco adaptive_security_appliance_software 9.16.4
cisco adaptive_security_appliance_software 9.18.2.5
cisco adaptive_security_appliance_software 9.17.1.10
cisco adaptive_security_appliance_software 9.17.1.13
cisco adaptive_security_appliance_software 9.18.1
cisco adaptive_security_appliance_software 9.18.1.3
cisco adaptive_security_appliance_software 9.12.1
cisco adaptive_security_appliance_software 9.12.1.2
cisco adaptive_security_appliance_software 9.12.1.3
cisco adaptive_security_appliance_software 9.12.4.10
cisco adaptive_security_appliance_software 9.12.4.13
cisco adaptive_security_appliance_software 9.12.4.8
cisco adaptive_security_appliance_software 9.12.4.18
cisco adaptive_security_appliance_software 9.16.2.3
cisco adaptive_security_appliance_software 9.16.2.7
cisco adaptive_security_appliance_software 9.16.2.11
cisco adaptive_security_appliance_software 9.16.2.13
cisco adaptive_security_appliance_software 9.16.2.14
cisco adaptive_security_appliance_software 9.17.1.11
cisco adaptive_security_appliance_software 9.17.1.15
cisco adaptive_security_appliance_software 9.12.4.2
cisco adaptive_security_appliance_software 9.17.1.9
cisco adaptive_security_appliance_software 9.12.2.4
cisco adaptive_security_appliance_software 9.12.2.9
cisco adaptive_security_appliance_software 9.12.2.1
cisco adaptive_security_appliance_software 9.12.4.7
cisco adaptive_security_appliance_software 9.12.4.24
cisco adaptive_security_appliance_software 9.12.4.29
cisco adaptive_security_appliance_software 9.12.4.35
cisco adaptive_security_appliance_software 9.16.2
cisco adaptive_security_appliance_software 9.16.3.3
cisco adaptive_security_appliance_software 9.16.3
cisco adaptive_security_appliance_software 9.18.2
cisco adaptive_security_appliance_software 9.19.1.9
cisco adaptive_security_appliance_software 9.19.1.5
cisco adaptive_security_appliance_software 9.19.1.18
cisco adaptive_security_appliance_software 9.19.1.12
cisco adaptive_security_appliance_software 9.19.1
cisco adaptive_security_appliance_software 9.18.3.55
cisco adaptive_security_appliance_software 9.18.3.53
cisco adaptive_security_appliance_software 9.18.3.46
cisco adaptive_security_appliance_software 9.18.3.39
cisco adaptive_security_appliance_software 9.18.3
cisco adaptive_security_appliance_software 9.18.2.8
cisco adaptive_security_appliance_software 9.18.2.7
cisco adaptive_security_appliance_software 9.17.1.30
cisco adaptive_security_appliance_software 9.17.1.20
cisco adaptive_security_appliance_software 9.16.4.9
cisco adaptive_security_appliance_software 9.16.4.38
cisco adaptive_security_appliance_software 9.16.4.27
cisco adaptive_security_appliance_software 9.16.4.19
cisco adaptive_security_appliance_software 9.16.4.14
cisco adaptive_security_appliance_software 9.16.3.23
cisco adaptive_security_appliance_software 9.16.3.19
cisco adaptive_security_appliance_software 9.16.3.15
cisco adaptive_security_appliance_software 9.12.4.58
cisco adaptive_security_appliance_software 9.12.4.56
cisco adaptive_security_appliance_software 9.12.4.55
cisco adaptive_security_appliance_software 9.12.4.54
cisco adaptive_security_appliance_software 9.12.4.52
cisco adaptive_security_appliance_software 9.12.4.50
cisco adaptive_security_appliance_software 9.12.4.48
cisco adaptive_security_appliance_software 9.12.4.47
cisco adaptive_security_appliance_software 9.12.4.41
cisco adaptive_security_appliance_software 9.12.4.40
cisco adaptive_security_appliance_software 9.12.4.62
cisco adaptive_security_appliance_software 9.12.4.65
cisco adaptive_security_appliance_software 9.16.4.39
cisco adaptive_security_appliance_software 9.16.4.42
cisco adaptive_security_appliance_software 9.16.4.48
cisco adaptive_security_appliance_software 9.16.4.55
cisco adaptive_security_appliance_software 9.17.1.33
cisco adaptive_security_appliance_software 9.18.3.56
cisco adaptive_security_appliance_software 9.18.4
cisco adaptive_security_appliance_software 9.18.4.5
cisco adaptive_security_appliance_software 9.18.4.8
cisco adaptive_security_appliance_software 9.19.1.22
cisco adaptive_security_appliance_software 9.19.1.24
cisco adaptive_security_appliance_software 9.19.1.27
cisco adaptive_security_appliance_software 9.20.1
cisco adaptive_security_appliance_software 9.20.1.5
cisco adaptive_security_appliance_software 9.20.2
cisco adaptive_security_appliance_software 9.20.2.21
cisco adaptive_security_appliance_software 9.20.2.10
cisco adaptive_security_appliance_software 9.19.1.31
cisco adaptive_security_appliance_software 9.19.1.28
cisco adaptive_security_appliance_software 9.18.4.24
cisco adaptive_security_appliance_software 9.18.4.22
cisco adaptive_security_appliance_software 9.17.1.39
cisco adaptive_security_appliance_software 9.16.4.61
cisco adaptive_security_appliance_software 9.16.4.57
cisco adaptive_security_appliance_software 9.12.4.67
cisco adaptive_security_appliance_software 9.20.3
cisco adaptive_security_appliance_software 9.18.4.40
cisco adaptive_security_appliance_software 9.16.4.70
cisco adaptive_security_appliance_software 9.16.4.67
cisco adaptive_security_appliance_software 9.20.2.22
cisco adaptive_security_appliance_software 9.18.4.34
cisco adaptive_security_appliance_software 9.18.4.29
cisco adaptive_security_appliance_software 9.16.4.62
cisco adaptive_security_appliance_software 9.20.3.4
cisco adaptive_security_appliance_software 9.20.3.7
cisco adaptive_security_appliance_software 9.22.1.1
cisco adaptive_security_appliance_software 9.23.1
cisco adaptive_security_appliance_software 9.16.4.71
cisco adaptive_security_appliance_software 9.16.4.76
cisco adaptive_security_appliance_software 9.16.4.82
cisco adaptive_security_appliance_software 9.16.4.84
cisco adaptive_security_appliance_software 9.16.4.85
cisco adaptive_security_appliance_software 9.17.1.45
cisco adaptive_security_appliance_software 9.17.1.46
cisco adaptive_security_appliance_software 9.18.4.47
cisco adaptive_security_appliance_software 9.18.4.50
cisco adaptive_security_appliance_software 9.18.4.52
cisco adaptive_security_appliance_software 9.18.4.53
cisco adaptive_security_appliance_software 9.18.4.57
cisco adaptive_security_appliance_software 9.18.4.66
cisco adaptive_security_appliance_software 9.18.4.67
cisco adaptive_security_appliance_software 9.18.4.68
cisco adaptive_security_appliance_software 9.19.1.37
cisco adaptive_security_appliance_software 9.19.1.38
cisco adaptive_security_appliance_software 9.19.1.42
cisco adaptive_security_appliance_software 9.20.3.10
cisco adaptive_security_appliance_software 9.20.3.13
cisco adaptive_security_appliance_software 9.20.3.16
cisco adaptive_security_appliance_software 9.20.3.20
cisco adaptive_security_appliance_software 9.20.3.9
cisco adaptive_security_appliance_software 9.20.4
cisco adaptive_security_appliance_software 9.20.4.10
cisco adaptive_security_appliance_software 9.20.4.7
cisco adaptive_security_appliance_software 9.22.1.2
cisco adaptive_security_appliance_software 9.22.1.3
cisco adaptive_security_appliance_software 9.22.1.6
cisco adaptive_security_appliance_software 9.22.2
cisco adaptive_security_appliance_software 9.22.2.13
cisco adaptive_security_appliance_software 9.22.2.14
cisco adaptive_security_appliance_software 9.22.2.4
cisco adaptive_security_appliance_software 9.22.2.9
cisco adaptive_security_appliance_software 9.23.1.13
cisco adaptive_security_appliance_software 9.23.1.19
cisco adaptive_security_appliance_software 9.23.1.3
cisco adaptive_security_appliance_software 9.23.1.7
cisco firepower_threat_defense 6.4.0
cisco firepower_threat_defense 7.1.0
cisco firepower_threat_defense 7.0.0
cisco firepower_threat_defense 7.2.0.1
cisco firepower_threat_defense 7.0.1
cisco firepower_threat_defense 7.0.0.1
cisco firepower_threat_defense 7.0.1.1
cisco firepower_threat_defense 7.0.2
cisco firepower_threat_defense 7.0.2.1
cisco firepower_threat_defense 7.0.3
cisco firepower_threat_defense 7.0.4
cisco firepower_threat_defense 7.1.0.1
cisco firepower_threat_defense 7.1.0.2
cisco firepower_threat_defense 7.2.0
cisco firepower_threat_defense 6.4.0.1
cisco firepower_threat_defense 6.4.0.3
cisco firepower_threat_defense 6.4.0.2
cisco firepower_threat_defense 6.4.0.4
cisco firepower_threat_defense 6.4.0.5
cisco firepower_threat_defense 6.4.0.6
cisco firepower_threat_defense 6.4.0.7
cisco firepower_threat_defense 6.4.0.8
cisco firepower_threat_defense 6.4.0.9
cisco firepower_threat_defense 6.4.0.10
cisco firepower_threat_defense 6.4.0.11
cisco firepower_threat_defense 6.4.0.12
cisco firepower_threat_defense 6.4.0.13
cisco firepower_threat_defense 6.4.0.14
cisco firepower_threat_defense 7.2.1
cisco firepower_threat_defense 7.2.2
cisco firepower_threat_defense 7.2.3
cisco firepower_threat_defense 7.3.1.1
cisco firepower_threat_defense 7.3.1
cisco firepower_threat_defense 7.3.0
cisco firepower_threat_defense 7.2.5
cisco firepower_threat_defense 7.2.4.1
cisco firepower_threat_defense 7.2.4
cisco firepower_threat_defense 7.1.0.3
cisco firepower_threat_defense 7.0.6
cisco firepower_threat_defense 7.0.5
cisco firepower_threat_defense 6.4.0.16
cisco firepower_threat_defense 6.4.0.15
cisco firepower_threat_defense 6.4.0.17
cisco firepower_threat_defense 7.0.6.1
cisco firepower_threat_defense 7.2.5.1
cisco firepower_threat_defense 7.4.0
cisco firepower_threat_defense 7.4.1
cisco firepower_threat_defense 7.4.1.1
cisco firepower_threat_defense 7.2.5.2
cisco firepower_threat_defense 7.3.1.2
cisco firepower_threat_defense 7.2.6
cisco firepower_threat_defense 7.2.7
cisco firepower_threat_defense 6.4.0.18
cisco firepower_threat_defense 7.0.6.2
cisco firepower_threat_defense 7.2.8
cisco firepower_threat_defense 7.2.8.1
cisco firepower_threat_defense 7.4.2
cisco firepower_threat_defense 7.0.6.3
cisco firepower_threat_defense 7.4.2.1
cisco firepower_threat_defense 7.6.0
cisco firepower_threat_defense 7.7.0
cisco firepower_threat_defense 7.0.7
cisco firepower_threat_defense 7.0.8
cisco firepower_threat_defense 7.0.8.1
cisco firepower_threat_defense 7.2.10
cisco firepower_threat_defense 7.2.10.2
cisco firepower_threat_defense 7.2.9
cisco firepower_threat_defense 7.4.2.2
cisco firepower_threat_defense 7.4.2.3
cisco firepower_threat_defense 7.4.2.4
cisco firepower_threat_defense 7.6.1
cisco firepower_threat_defense 7.6.2
cisco firepower_threat_defense 7.6.2.1
cisco firepower_threat_defense 7.7.10
cisco firepower_threat_defense 7.7.10.1
CWE ID Description
CWE-80 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-20070 is a medium-severity cross-site scripting (XSS) vulnerability affecting the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.

The vulnerability occurs because the software improperly validates user-supplied input in HTTP requests. An unauthenticated, remote attacker can exploit this by convincing a user to visit a malicious website that submits crafted input to the vulnerable application.

If successfully exploited, the attacker can execute arbitrary HTML or script code in the victim's browser within the context of the VPN web server, potentially compromising the confidentiality and integrity of data handled by the VPN web services. [1]


How can this vulnerability impact me?

This vulnerability can allow an attacker to execute arbitrary scripts in the context of a user's browser session when accessing the affected VPN web services.

Such script execution can lead to compromise of confidentiality and integrity of data handled by the VPN web services, potentially exposing sensitive information or allowing unauthorized actions within the user's session.

Because the attack requires user interaction (the user must be persuaded to visit a malicious website), it can be used as part of targeted phishing or social engineering attacks. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the affected features are enabled on your Cisco Secure Firewall ASA or FTD devices.

  • Run `show running-config` in the device CLI and check whether either of these features is active: Internet Key Exchange Version 2 (IKEv2) Remote Access VPN with client services enabled (`crypto ikev2 enable client-services port`) or SSL VPN (`webvpn enable`).

If these features are enabled, the device may be vulnerable to this cross-site scripting issue.
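
The check described above can be run offline against saved `show running-config` output. The following is an added example, not code from this page or from Cisco; it assumes the interface name appears after `enable` in both commands and that the SSL VPN `enable` line is an indented sub-command of a top-level `webvpn` section, and the sample configuration and hostname are constructed.

```python
import re

# Constructed sample of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-fw-01
interface GigabitEthernet0/0
 nameif outside
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect enable
!
"""

# Assumed layout: "crypto ikev2 enable <interface> client-services port <port>"
IKEV2_CS = re.compile(r"^crypto ikev2 enable (\S+) client-services port (\d+)\s*$")
# Assumed layout: "enable <interface>" as a sub-command of top-level "webvpn"
WEBVPN_ENABLE = re.compile(r"^enable (\S+)")


def exposed_features(config_text):
    """Return (feature, interface, config line) for each feature the page names."""
    findings = []
    in_webvpn = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            in_webvpn = False          # blank line or "!" ends the section
            continue
        if not raw[0].isspace():       # top-level command
            in_webvpn = (line == "webvpn")
            m = IKEV2_CS.match(line)
            if m:
                findings.append(("ikev2-client-services", m.group(1), line))
            continue
        if in_webvpn:                  # sub-command of the global webvpn section
            m = WEBVPN_ENABLE.match(line.strip())
            if m:
                findings.append(("ssl-vpn", m.group(1), line.strip()))
    return findings


if __name__ == "__main__":
    for feature, interface, line in exposed_features(SAMPLE_CONFIG):
        print(f"{feature} enabled on {interface}: {line}")
```

A `webvpn` block nested under `group-policy` attributes is indented and is therefore not treated as the global SSL VPN section.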


What immediate steps should I take to mitigate this vulnerability?

There are no available workarounds for this vulnerability.

The immediate and recommended step is to upgrade to the fixed software versions released by Cisco to remediate this issue.

Use the Cisco Software Checker tool to identify affected software versions and obtain the appropriate fixed releases.

Follow Cisco’s upgrade guides carefully to ensure hardware and software compatibility during the upgrade process.

If needed, consult Cisco TAC for additional support.

