CVE-2026-20101
Received Received - Intake
SAML Message Processing DoS in Cisco Secure Firewall Software

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could exploit this vulnerability by sending crafted SAML messages to the SAML service. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-16
Generated
2026-05-27
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-25
NVD
CVE-2026-20101
EUVD
EUVD-2026-9440
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software From 9.12.1 (inc) to 9.16.4.85 (exc)
cisco adaptive_security_appliance_software From 9.17.1 (inc) to 9.18.4.66 (exc)
cisco adaptive_security_appliance_software From 9.19.1 (inc) to 9.20.4 (exc)
cisco adaptive_security_appliance_software From 9.22.1.1 (inc) to 9.22.2.4 (exc)
cisco adaptive_security_appliance_software From 9.23.1 (inc) to 9.23.1.7 (exc)
cisco firepower_threat_defense_software From 6.4.0 (inc) to 7.0.9 (exc)
cisco firepower_threat_defense_software From 7.1.0 (inc) to 7.2.11 (exc)
cisco firepower_threat_defense_software From 7.3.0 (inc) to 7.4.3 (exc)
cisco firepower_threat_defense_software From 7.6.0 (inc) to 7.6.4 (exc)
cisco firepower_threat_defense_software From 7.7.0 (inc) to 7.7.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software. It is caused by insufficient error checking when processing SAML messages.

An unauthenticated, remote attacker can exploit this by sending specially crafted SAML messages to the device's SAML service.

If successful, the exploit causes the device to reload unexpectedly, resulting in a denial-of-service (DoS) condition.


How can this vulnerability impact me? :

The primary impact of this vulnerability is a denial-of-service (DoS) condition on affected Cisco Secure Firewall ASA and Secure FTD devices.

An attacker can cause the device to reload unexpectedly, which can disrupt network security operations and availability.

This could lead to temporary loss of firewall protection and potential interruption of business-critical network services.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart