CVE-2026-20073

Received Received - Intake

Access Control Bypass in Cisco ASA/FTD via Memory Handling Flaw

Publication date: 2026-03-04

Last updated on: 2026-05-04

Assigner: Cisco Systems, Inc.

Description

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-04

Last Modified

2026-05-04

Generated

2026-05-06

AI Q&A

2026-03-04

EPSS Evaluated

2026-05-05

NVD

CVE-2026-20073

EUVD

EUVD-2026-9470

Affected Vendors & Products

Vendor	Product	Version / Range
cisco	adaptive_security_appliance_software	9.16.1
cisco	adaptive_security_appliance_software	9.12.2
cisco	adaptive_security_appliance_software	9.12.2.5
cisco	adaptive_security_appliance_software	9.12.4.4
cisco	adaptive_security_appliance_software	9.12.3.2
cisco	adaptive_security_appliance_software	9.12.3.7
cisco	adaptive_security_appliance_software	9.12.4
cisco	adaptive_security_appliance_software	9.12.3.12
cisco	adaptive_security_appliance_software	9.12.4.37
cisco	adaptive_security_appliance_software	9.12.4.38
cisco	adaptive_security_appliance_software	9.12.4.39
cisco	adaptive_security_appliance_software	9.17.1
cisco	adaptive_security_appliance_software	9.12.3
cisco	adaptive_security_appliance_software	9.12.3.9
cisco	adaptive_security_appliance_software	9.12.4.26
cisco	adaptive_security_appliance_software	9.12.4.30
cisco	adaptive_security_appliance_software	9.16.1.28
cisco	adaptive_security_appliance_software	9.17.1.7
cisco	adaptive_security_appliance_software	9.16.3.14
cisco	adaptive_security_appliance_software	9.16.4
cisco	adaptive_security_appliance_software	9.18.2.5
cisco	adaptive_security_appliance_software	9.17.1.10
cisco	adaptive_security_appliance_software	9.17.1.13
cisco	adaptive_security_appliance_software	9.18.1
cisco	adaptive_security_appliance_software	9.18.1.3
cisco	adaptive_security_appliance_software	9.12.1
cisco	adaptive_security_appliance_software	9.12.1.2
cisco	adaptive_security_appliance_software	9.12.1.3
cisco	adaptive_security_appliance_software	9.12.4.10
cisco	adaptive_security_appliance_software	9.12.4.13
cisco	adaptive_security_appliance_software	9.12.4.8
cisco	adaptive_security_appliance_software	9.12.4.18
cisco	adaptive_security_appliance_software	9.16.2.3
cisco	adaptive_security_appliance_software	9.16.2.7
cisco	adaptive_security_appliance_software	9.16.2.11
cisco	adaptive_security_appliance_software	9.16.2.13
cisco	adaptive_security_appliance_software	9.16.2.14
cisco	adaptive_security_appliance_software	9.17.1.11
cisco	adaptive_security_appliance_software	9.17.1.15
cisco	adaptive_security_appliance_software	9.12.4.2
cisco	adaptive_security_appliance_software	9.17.1.9
cisco	adaptive_security_appliance_software	9.12.2.4
cisco	adaptive_security_appliance_software	9.12.2.9
cisco	adaptive_security_appliance_software	9.12.2.1
cisco	adaptive_security_appliance_software	9.12.4.7
cisco	adaptive_security_appliance_software	9.12.4.24
cisco	adaptive_security_appliance_software	9.12.4.29
cisco	adaptive_security_appliance_software	9.12.4.35
cisco	adaptive_security_appliance_software	9.16.2
cisco	adaptive_security_appliance_software	9.16.3.3
cisco	adaptive_security_appliance_software	9.16.3
cisco	adaptive_security_appliance_software	9.18.2
cisco	adaptive_security_appliance_software	9.19.1.9
cisco	adaptive_security_appliance_software	9.19.1.5
cisco	adaptive_security_appliance_software	9.19.1.18
cisco	adaptive_security_appliance_software	9.19.1.12
cisco	adaptive_security_appliance_software	9.19.1
cisco	adaptive_security_appliance_software	9.18.3.55
cisco	adaptive_security_appliance_software	9.18.3.53
cisco	adaptive_security_appliance_software	9.18.3.46
cisco	adaptive_security_appliance_software	9.18.3.39
cisco	adaptive_security_appliance_software	9.18.3
cisco	adaptive_security_appliance_software	9.18.2.8
cisco	adaptive_security_appliance_software	9.18.2.7
cisco	adaptive_security_appliance_software	9.17.1.30
cisco	adaptive_security_appliance_software	9.17.1.20
cisco	adaptive_security_appliance_software	9.16.4.9
cisco	adaptive_security_appliance_software	9.16.4.38
cisco	adaptive_security_appliance_software	9.16.4.27
cisco	adaptive_security_appliance_software	9.16.4.19
cisco	adaptive_security_appliance_software	9.16.4.14
cisco	adaptive_security_appliance_software	9.16.3.23
cisco	adaptive_security_appliance_software	9.16.3.19
cisco	adaptive_security_appliance_software	9.16.3.15
cisco	adaptive_security_appliance_software	9.12.4.58
cisco	adaptive_security_appliance_software	9.12.4.56
cisco	adaptive_security_appliance_software	9.12.4.55
cisco	adaptive_security_appliance_software	9.12.4.54
cisco	adaptive_security_appliance_software	9.12.4.52
cisco	adaptive_security_appliance_software	9.12.4.50
cisco	adaptive_security_appliance_software	9.12.4.48
cisco	adaptive_security_appliance_software	9.12.4.47
cisco	adaptive_security_appliance_software	9.12.4.41
cisco	adaptive_security_appliance_software	9.12.4.40
cisco	adaptive_security_appliance_software	9.12.4.62
cisco	adaptive_security_appliance_software	9.12.4.65
cisco	adaptive_security_appliance_software	9.16.4.39
cisco	adaptive_security_appliance_software	9.16.4.42
cisco	adaptive_security_appliance_software	9.16.4.48
cisco	adaptive_security_appliance_software	9.16.4.55
cisco	adaptive_security_appliance_software	9.17.1.33
cisco	adaptive_security_appliance_software	9.18.3.56
cisco	adaptive_security_appliance_software	9.18.4
cisco	adaptive_security_appliance_software	9.18.4.5
cisco	adaptive_security_appliance_software	9.18.4.8
cisco	adaptive_security_appliance_software	9.19.1.22
cisco	adaptive_security_appliance_software	9.19.1.24
cisco	adaptive_security_appliance_software	9.19.1.27
cisco	adaptive_security_appliance_software	9.20.1
cisco	adaptive_security_appliance_software	9.20.1.5
cisco	adaptive_security_appliance_software	9.20.2
cisco	adaptive_security_appliance_software	9.20.2.21
cisco	adaptive_security_appliance_software	9.20.2.10
cisco	adaptive_security_appliance_software	9.19.1.31
cisco	adaptive_security_appliance_software	9.19.1.28
cisco	adaptive_security_appliance_software	9.18.4.24
cisco	adaptive_security_appliance_software	9.18.4.22
cisco	adaptive_security_appliance_software	9.17.1.39
cisco	adaptive_security_appliance_software	9.16.4.61
cisco	adaptive_security_appliance_software	9.16.4.57
cisco	adaptive_security_appliance_software	9.12.4.67
cisco	adaptive_security_appliance_software	9.20.3
cisco	adaptive_security_appliance_software	9.18.4.40
cisco	adaptive_security_appliance_software	9.16.4.70
cisco	adaptive_security_appliance_software	9.16.4.67
cisco	adaptive_security_appliance_software	9.20.2.22
cisco	adaptive_security_appliance_software	9.18.4.34
cisco	adaptive_security_appliance_software	9.18.4.29
cisco	adaptive_security_appliance_software	9.16.4.62
cisco	adaptive_security_appliance_software	9.20.3.4
cisco	adaptive_security_appliance_software	9.20.3.7
cisco	adaptive_security_appliance_software	9.22.1.1
cisco	adaptive_security_appliance_software	9.23.1
cisco	adaptive_security_appliance_software	9.16.4.71
cisco	adaptive_security_appliance_software	9.16.4.76
cisco	adaptive_security_appliance_software	9.16.4.82
cisco	adaptive_security_appliance_software	9.16.4.84
cisco	adaptive_security_appliance_software	9.17.1.45
cisco	adaptive_security_appliance_software	9.17.1.46
cisco	adaptive_security_appliance_software	9.18.4.47
cisco	adaptive_security_appliance_software	9.18.4.50
cisco	adaptive_security_appliance_software	9.18.4.52
cisco	adaptive_security_appliance_software	9.18.4.53
cisco	adaptive_security_appliance_software	9.18.4.57
cisco	adaptive_security_appliance_software	9.18.4.66
cisco	adaptive_security_appliance_software	9.18.4.67
cisco	adaptive_security_appliance_software	9.19.1.37
cisco	adaptive_security_appliance_software	9.19.1.38
cisco	adaptive_security_appliance_software	9.19.1.42
cisco	adaptive_security_appliance_software	9.20.3.10
cisco	adaptive_security_appliance_software	9.20.3.13
cisco	adaptive_security_appliance_software	9.20.3.16
cisco	adaptive_security_appliance_software	9.20.3.20
cisco	adaptive_security_appliance_software	9.20.3.9
cisco	adaptive_security_appliance_software	9.20.4
cisco	adaptive_security_appliance_software	9.20.4.10
cisco	adaptive_security_appliance_software	9.20.4.7
cisco	adaptive_security_appliance_software	9.22.1.2
cisco	adaptive_security_appliance_software	9.22.1.3
cisco	adaptive_security_appliance_software	9.22.1.6
cisco	adaptive_security_appliance_software	9.22.2
cisco	adaptive_security_appliance_software	9.22.2.13
cisco	adaptive_security_appliance_software	9.22.2.4
cisco	adaptive_security_appliance_software	9.22.2.9
cisco	adaptive_security_appliance_software	9.23.1.13
cisco	adaptive_security_appliance_software	9.23.1.19
cisco	adaptive_security_appliance_software	9.23.1.3
cisco	adaptive_security_appliance_software	9.23.1.7
cisco	firepower_threat_defense	6.4.0
cisco	firepower_threat_defense	7.1.0
cisco	firepower_threat_defense	7.0.0
cisco	firepower_threat_defense	7.2.0.1
cisco	firepower_threat_defense	7.0.1
cisco	firepower_threat_defense	7.0.0.1
cisco	firepower_threat_defense	7.0.1.1
cisco	firepower_threat_defense	7.0.2
cisco	firepower_threat_defense	7.0.2.1
cisco	firepower_threat_defense	7.0.3
cisco	firepower_threat_defense	7.0.4
cisco	firepower_threat_defense	7.1.0.1
cisco	firepower_threat_defense	7.1.0.2
cisco	firepower_threat_defense	7.2.0
cisco	firepower_threat_defense	6.4.0.1
cisco	firepower_threat_defense	6.4.0.3
cisco	firepower_threat_defense	6.4.0.2
cisco	firepower_threat_defense	6.4.0.4
cisco	firepower_threat_defense	6.4.0.5
cisco	firepower_threat_defense	6.4.0.6
cisco	firepower_threat_defense	6.4.0.7
cisco	firepower_threat_defense	6.4.0.8
cisco	firepower_threat_defense	6.4.0.9
cisco	firepower_threat_defense	6.4.0.10
cisco	firepower_threat_defense	6.4.0.11
cisco	firepower_threat_defense	6.4.0.12
cisco	firepower_threat_defense	6.4.0.13
cisco	firepower_threat_defense	6.4.0.14
cisco	firepower_threat_defense	7.2.1
cisco	firepower_threat_defense	7.2.2
cisco	firepower_threat_defense	7.2.3
cisco	firepower_threat_defense	7.3.1.1
cisco	firepower_threat_defense	7.3.1
cisco	firepower_threat_defense	7.3.0
cisco	firepower_threat_defense	7.2.5
cisco	firepower_threat_defense	7.2.4.1
cisco	firepower_threat_defense	7.2.4
cisco	firepower_threat_defense	7.1.0.3
cisco	firepower_threat_defense	7.0.6
cisco	firepower_threat_defense	7.0.5
cisco	firepower_threat_defense	6.4.0.16
cisco	firepower_threat_defense	6.4.0.15
cisco	firepower_threat_defense	6.4.0.17
cisco	firepower_threat_defense	7.0.6.1
cisco	firepower_threat_defense	7.2.5.1
cisco	firepower_threat_defense	7.4.0
cisco	firepower_threat_defense	7.4.1
cisco	firepower_threat_defense	7.4.1.1
cisco	firepower_threat_defense	7.2.5.2
cisco	firepower_threat_defense	7.3.1.2
cisco	firepower_threat_defense	7.2.6
cisco	firepower_threat_defense	7.2.7
cisco	firepower_threat_defense	6.4.0.18
cisco	firepower_threat_defense	7.0.6.2
cisco	firepower_threat_defense	7.2.8
cisco	firepower_threat_defense	7.2.8.1
cisco	firepower_threat_defense	7.4.2
cisco	firepower_threat_defense	7.0.6.3
cisco	firepower_threat_defense	7.4.2.1
cisco	firepower_threat_defense	7.6.0
cisco	firepower_threat_defense	7.7.0
cisco	firepower_threat_defense	7.0.7
cisco	firepower_threat_defense	7.0.8
cisco	firepower_threat_defense	7.0.8.1
cisco	firepower_threat_defense	7.2.10
cisco	firepower_threat_defense	7.2.9
cisco	firepower_threat_defense	7.4.2.2
cisco	firepower_threat_defense	7.4.2.3
cisco	firepower_threat_defense	7.4.2.4
cisco	firepower_threat_defense	7.6.1
cisco	firepower_threat_defense	7.6.2
cisco	firepower_threat_defense	7.6.2.1
cisco	firepower_threat_defense	7.7.10
cisco	firepower_threat_defense	7.7.10.1

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-284	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability affects Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software when used in a cluster configuration.

It occurs due to improper error handling when a device joining a cluster runs out of memory while replicating access control lists (ACLs). If the ACL contains many entries, memory exhaustion can cause the device to join the cluster with an incomplete ACL.

As a result, traffic that should be denied by the firewall may be allowed through, enabling an unauthenticated, remote attacker to bypass access controls and reach protected network devices.

How can this vulnerability impact me? :

The vulnerability can allow an unauthenticated, remote attacker to bypass firewall access controls by sending traffic that should be blocked through the affected device.

This could lead to unauthorized access to devices within protected networks, potentially exposing sensitive systems or data.

There are no workarounds available; the only mitigation is upgrading to fixed software releases provided by Cisco.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects Cisco Secure Firewall ASA and Secure FTD Software when deployed in a cluster configuration. To detect if your device is potentially affected, you can verify if clustering is enabled and check the cluster status and node details.

Use the device CLI command `show cluster info` to display cluster status and node details.

Additionally, Cisco provides a Software Checker tool to help identify vulnerable software versions and the earliest fixed releases.

What immediate steps should I take to mitigate this vulnerability?

There are no workarounds available for this vulnerability. The immediate and recommended mitigation step is to upgrade to the fixed software releases provided by Cisco.

Customers are strongly advised to upgrade affected devices running vulnerable versions of Cisco Secure Firewall ASA or Secure FTD Software in cluster mode to the fixed releases.

If assistance is needed, contacting Cisco Technical Assistance Center (TAC) for upgrade support is recommended.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-20073

Access Control Bypass in Cisco ASA/FTD via Memory Handling Flaw

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart