CVE-2026-20070
Received Received - Intake
Cross-Site Scripting in Cisco ASA and FTD VPN Web Services

Publication date: 2026-03-04

Last updated on: 2026-05-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious website that is designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the VPN web server.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20070
EUVD
EUVD-2026-9469
Affected Vendors & Products
Showing 236 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software 9.16.1
cisco adaptive_security_appliance_software 9.12.2
cisco adaptive_security_appliance_software 9.12.2.5
cisco adaptive_security_appliance_software 9.12.4.4
cisco adaptive_security_appliance_software 9.12.3.2
cisco adaptive_security_appliance_software 9.12.3.7
cisco adaptive_security_appliance_software 9.12.4
cisco adaptive_security_appliance_software 9.12.3.12
cisco adaptive_security_appliance_software 9.12.4.37
cisco adaptive_security_appliance_software 9.12.4.38
cisco adaptive_security_appliance_software 9.12.4.39
cisco adaptive_security_appliance_software 9.17.1
cisco adaptive_security_appliance_software 9.12.3
cisco adaptive_security_appliance_software 9.12.3.9
cisco adaptive_security_appliance_software 9.12.4.26
cisco adaptive_security_appliance_software 9.12.4.30
cisco adaptive_security_appliance_software 9.16.1.28
cisco adaptive_security_appliance_software 9.17.1.7
cisco adaptive_security_appliance_software 9.16.3.14
cisco adaptive_security_appliance_software 9.16.4
cisco adaptive_security_appliance_software 9.18.2.5
cisco adaptive_security_appliance_software 9.17.1.10
cisco adaptive_security_appliance_software 9.17.1.13
cisco adaptive_security_appliance_software 9.18.1
cisco adaptive_security_appliance_software 9.18.1.3
cisco adaptive_security_appliance_software 9.12.1
cisco adaptive_security_appliance_software 9.12.1.2
cisco adaptive_security_appliance_software 9.12.1.3
cisco adaptive_security_appliance_software 9.12.4.10
cisco adaptive_security_appliance_software 9.12.4.13
cisco adaptive_security_appliance_software 9.12.4.8
cisco adaptive_security_appliance_software 9.12.4.18
cisco adaptive_security_appliance_software 9.16.2.3
cisco adaptive_security_appliance_software 9.16.2.7
cisco adaptive_security_appliance_software 9.16.2.11
cisco adaptive_security_appliance_software 9.16.2.13
cisco adaptive_security_appliance_software 9.16.2.14
cisco adaptive_security_appliance_software 9.17.1.11
cisco adaptive_security_appliance_software 9.17.1.15
cisco adaptive_security_appliance_software 9.12.4.2
cisco adaptive_security_appliance_software 9.17.1.9
cisco adaptive_security_appliance_software 9.12.2.4
cisco adaptive_security_appliance_software 9.12.2.9
cisco adaptive_security_appliance_software 9.12.2.1
cisco adaptive_security_appliance_software 9.12.4.7
cisco adaptive_security_appliance_software 9.12.4.24
cisco adaptive_security_appliance_software 9.12.4.29
cisco adaptive_security_appliance_software 9.12.4.35
cisco adaptive_security_appliance_software 9.16.2
cisco adaptive_security_appliance_software 9.16.3.3
cisco adaptive_security_appliance_software 9.16.3
cisco adaptive_security_appliance_software 9.18.2
cisco adaptive_security_appliance_software 9.19.1.9
cisco adaptive_security_appliance_software 9.19.1.5
cisco adaptive_security_appliance_software 9.19.1.18
cisco adaptive_security_appliance_software 9.19.1.12
cisco adaptive_security_appliance_software 9.19.1
cisco adaptive_security_appliance_software 9.18.3.55
cisco adaptive_security_appliance_software 9.18.3.53
cisco adaptive_security_appliance_software 9.18.3.46
cisco adaptive_security_appliance_software 9.18.3.39
cisco adaptive_security_appliance_software 9.18.3
cisco adaptive_security_appliance_software 9.18.2.8
cisco adaptive_security_appliance_software 9.18.2.7
cisco adaptive_security_appliance_software 9.17.1.30
cisco adaptive_security_appliance_software 9.17.1.20
cisco adaptive_security_appliance_software 9.16.4.9
cisco adaptive_security_appliance_software 9.16.4.38
cisco adaptive_security_appliance_software 9.16.4.27
cisco adaptive_security_appliance_software 9.16.4.19
cisco adaptive_security_appliance_software 9.16.4.14
cisco adaptive_security_appliance_software 9.16.3.23
cisco adaptive_security_appliance_software 9.16.3.19
cisco adaptive_security_appliance_software 9.16.3.15
cisco adaptive_security_appliance_software 9.12.4.58
cisco adaptive_security_appliance_software 9.12.4.56
cisco adaptive_security_appliance_software 9.12.4.55
cisco adaptive_security_appliance_software 9.12.4.54
cisco adaptive_security_appliance_software 9.12.4.52
cisco adaptive_security_appliance_software 9.12.4.50
cisco adaptive_security_appliance_software 9.12.4.48
cisco adaptive_security_appliance_software 9.12.4.47
cisco adaptive_security_appliance_software 9.12.4.41
cisco adaptive_security_appliance_software 9.12.4.40
cisco adaptive_security_appliance_software 9.12.4.62
cisco adaptive_security_appliance_software 9.12.4.65
cisco adaptive_security_appliance_software 9.16.4.39
cisco adaptive_security_appliance_software 9.16.4.42
cisco adaptive_security_appliance_software 9.16.4.48
cisco adaptive_security_appliance_software 9.16.4.55
cisco adaptive_security_appliance_software 9.17.1.33
cisco adaptive_security_appliance_software 9.18.3.56
cisco adaptive_security_appliance_software 9.18.4
cisco adaptive_security_appliance_software 9.18.4.5
cisco adaptive_security_appliance_software 9.18.4.8
cisco adaptive_security_appliance_software 9.19.1.22
cisco adaptive_security_appliance_software 9.19.1.24
cisco adaptive_security_appliance_software 9.19.1.27
cisco adaptive_security_appliance_software 9.20.1
cisco adaptive_security_appliance_software 9.20.1.5
cisco adaptive_security_appliance_software 9.20.2
cisco adaptive_security_appliance_software 9.20.2.21
cisco adaptive_security_appliance_software 9.20.2.10
cisco adaptive_security_appliance_software 9.19.1.31
cisco adaptive_security_appliance_software 9.19.1.28
cisco adaptive_security_appliance_software 9.18.4.24
cisco adaptive_security_appliance_software 9.18.4.22
cisco adaptive_security_appliance_software 9.17.1.39
cisco adaptive_security_appliance_software 9.16.4.61
cisco adaptive_security_appliance_software 9.16.4.57
cisco adaptive_security_appliance_software 9.12.4.67
cisco adaptive_security_appliance_software 9.20.3
cisco adaptive_security_appliance_software 9.18.4.40
cisco adaptive_security_appliance_software 9.16.4.70
cisco adaptive_security_appliance_software 9.16.4.67
cisco adaptive_security_appliance_software 9.20.2.22
cisco adaptive_security_appliance_software 9.18.4.34
cisco adaptive_security_appliance_software 9.18.4.29
cisco adaptive_security_appliance_software 9.16.4.62
cisco adaptive_security_appliance_software 9.20.3.4
cisco adaptive_security_appliance_software 9.20.3.7
cisco adaptive_security_appliance_software 9.22.1.1
cisco adaptive_security_appliance_software 9.23.1
cisco adaptive_security_appliance_software 9.16.4.71
cisco adaptive_security_appliance_software 9.16.4.76
cisco adaptive_security_appliance_software 9.16.4.82
cisco adaptive_security_appliance_software 9.16.4.84
cisco adaptive_security_appliance_software 9.16.4.85
cisco adaptive_security_appliance_software 9.17.1.45
cisco adaptive_security_appliance_software 9.17.1.46
cisco adaptive_security_appliance_software 9.18.4.47
cisco adaptive_security_appliance_software 9.18.4.50
cisco adaptive_security_appliance_software 9.18.4.52
cisco adaptive_security_appliance_software 9.18.4.53
cisco adaptive_security_appliance_software 9.18.4.57
cisco adaptive_security_appliance_software 9.18.4.66
cisco adaptive_security_appliance_software 9.18.4.67
cisco adaptive_security_appliance_software 9.18.4.68
cisco adaptive_security_appliance_software 9.19.1.37
cisco adaptive_security_appliance_software 9.19.1.38
cisco adaptive_security_appliance_software 9.19.1.42
cisco adaptive_security_appliance_software 9.20.3.10
cisco adaptive_security_appliance_software 9.20.3.13
cisco adaptive_security_appliance_software 9.20.3.16
cisco adaptive_security_appliance_software 9.20.3.20
cisco adaptive_security_appliance_software 9.20.3.9
cisco adaptive_security_appliance_software 9.20.4
cisco adaptive_security_appliance_software 9.20.4.10
cisco adaptive_security_appliance_software 9.20.4.7
cisco adaptive_security_appliance_software 9.22.1.2
cisco adaptive_security_appliance_software 9.22.1.3
cisco adaptive_security_appliance_software 9.22.1.6
cisco adaptive_security_appliance_software 9.22.2
cisco adaptive_security_appliance_software 9.22.2.13
cisco adaptive_security_appliance_software 9.22.2.14
cisco adaptive_security_appliance_software 9.22.2.4
cisco adaptive_security_appliance_software 9.22.2.9
cisco adaptive_security_appliance_software 9.23.1.13
cisco adaptive_security_appliance_software 9.23.1.19
cisco adaptive_security_appliance_software 9.23.1.3
cisco adaptive_security_appliance_software 9.23.1.7
cisco firepower_threat_defense 6.4.0
cisco firepower_threat_defense 7.1.0
cisco firepower_threat_defense 7.0.0
cisco firepower_threat_defense 7.2.0.1
cisco firepower_threat_defense 7.0.1
cisco firepower_threat_defense 7.0.0.1
cisco firepower_threat_defense 7.0.1.1
cisco firepower_threat_defense 7.0.2
cisco firepower_threat_defense 7.0.2.1
cisco firepower_threat_defense 7.0.3
cisco firepower_threat_defense 7.0.4
cisco firepower_threat_defense 7.1.0.1
cisco firepower_threat_defense 7.1.0.2
cisco firepower_threat_defense 7.2.0
cisco firepower_threat_defense 6.4.0.1
cisco firepower_threat_defense 6.4.0.3
cisco firepower_threat_defense 6.4.0.2
cisco firepower_threat_defense 6.4.0.4
cisco firepower_threat_defense 6.4.0.5
cisco firepower_threat_defense 6.4.0.6
cisco firepower_threat_defense 6.4.0.7
cisco firepower_threat_defense 6.4.0.8
cisco firepower_threat_defense 6.4.0.9
cisco firepower_threat_defense 6.4.0.10
cisco firepower_threat_defense 6.4.0.11
cisco firepower_threat_defense 6.4.0.12
cisco firepower_threat_defense 6.4.0.13
cisco firepower_threat_defense 6.4.0.14
cisco firepower_threat_defense 7.2.1
cisco firepower_threat_defense 7.2.2
cisco firepower_threat_defense 7.2.3
cisco firepower_threat_defense 7.3.1.1
cisco firepower_threat_defense 7.3.1
cisco firepower_threat_defense 7.3.0
cisco firepower_threat_defense 7.2.5
cisco firepower_threat_defense 7.2.4.1
cisco firepower_threat_defense 7.2.4
cisco firepower_threat_defense 7.1.0.3
cisco firepower_threat_defense 7.0.6
cisco firepower_threat_defense 7.0.5
cisco firepower_threat_defense 6.4.0.16
cisco firepower_threat_defense 6.4.0.15
cisco firepower_threat_defense 6.4.0.17
cisco firepower_threat_defense 7.0.6.1
cisco firepower_threat_defense 7.2.5.1
cisco firepower_threat_defense 7.4.0
cisco firepower_threat_defense 7.4.1
cisco firepower_threat_defense 7.4.1.1
cisco firepower_threat_defense 7.2.5.2
cisco firepower_threat_defense 7.3.1.2
cisco firepower_threat_defense 7.2.6
cisco firepower_threat_defense 7.2.7
cisco firepower_threat_defense 6.4.0.18
cisco firepower_threat_defense 7.0.6.2
cisco firepower_threat_defense 7.2.8
cisco firepower_threat_defense 7.2.8.1
cisco firepower_threat_defense 7.4.2
cisco firepower_threat_defense 7.0.6.3
cisco firepower_threat_defense 7.4.2.1
cisco firepower_threat_defense 7.6.0
cisco firepower_threat_defense 7.7.0
cisco firepower_threat_defense 7.0.7
cisco firepower_threat_defense 7.0.8
cisco firepower_threat_defense 7.0.8.1
cisco firepower_threat_defense 7.2.10
cisco firepower_threat_defense 7.2.10.2
cisco firepower_threat_defense 7.2.9
cisco firepower_threat_defense 7.4.2.2
cisco firepower_threat_defense 7.4.2.3
cisco firepower_threat_defense 7.4.2.4
cisco firepower_threat_defense 7.6.1
cisco firepower_threat_defense 7.6.2
cisco firepower_threat_defense 7.6.2.1
cisco firepower_threat_defense 7.7.10
cisco firepower_threat_defense 7.7.10.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-80 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-20070 is a medium-severity cross-site scripting (XSS) vulnerability affecting the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the software improperly validates user-supplied input in HTTP requests. An unauthenticated, remote attacker can exploit this by convincing a user to visit a malicious website that submits crafted input to the vulnerable application.'}, {'type': 'paragraph', 'content': "If successfully exploited, the attacker can execute arbitrary HTML or script code in the victim's browser within the context of the VPN web server, potentially compromising the confidentiality and integrity of data handled by the VPN web services."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can allow an attacker to execute arbitrary scripts in the context of a user's browser session when accessing the affected VPN web services."}, {'type': 'paragraph', 'content': "Such script execution can lead to compromise of confidentiality and integrity of data handled by the VPN web services, potentially exposing sensitive information or allowing unauthorized actions within the user's session."}, {'type': 'paragraph', 'content': 'Because the attack requires user interaction (the user must be persuaded to visit a malicious website), it can be used as part of targeted phishing or social engineering attacks.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the affected features are enabled on your Cisco Secure Firewall ASA or FTD devices.

  • Use the command `show running-config` in the device CLI to verify if either Internet Key Exchange Version 2 (IKEv2) Remote Access VPN with client services enabled (`crypto ikev2 enable client-services port`) or SSL VPN (`webvpn enable`) features are active.

If these features are enabled, the device may be vulnerable to this cross-site scripting issue.

Mitigation Strategies

There are no available workarounds for this vulnerability.

The immediate and recommended step is to upgrade to the fixed software versions released by Cisco to remediate this issue.

Use the Cisco Software Checker tool to identify affected software versions and obtain the appropriate fixed releases.

Follow Cisco’s upgrade guides carefully to ensure hardware and software compatibility during the upgrade process.

If needed, consult Cisco TAC for additional support.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20070. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart