CVE-2026-20216
Received - Intake

Denial of Service in ClamAV via InstallShield File Parsing

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor | Product | Version / Range
clamav | clamav | *

Exploitability

CWE
CWE ID | Description
CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Impact Analysis

Exploitation of this vulnerability can cause the ClamAV scanning process to stop running, which may leave the system unprotected against malware during that time.

Additionally, the attack can temporarily consume available system resources, potentially degrading the performance of the affected device.

Overall, this leads to a denial-of-service condition, impacting the availability and reliability of the affected software.

Executive Summary

This vulnerability exists in the InstallShield file format parser of ClamAV. It occurs because of improper handling of temporary resources during file scanning.

An unauthenticated, remote attacker can exploit this by submitting a specially crafted InstallShield file to be scanned by ClamAV. This can cause the ClamAV scanning process to terminate unexpectedly.

The result is a denial-of-service (DoS) condition on the affected device.
