ClamAV Vulnerabilities Affecting Cisco Products: July 2026
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details section of this advisory. For additional information on these vulnerabilities in ClamAV, see the ClamAV blog . Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Notes: The Security Impact Rating (SIR) for these vulnerabilities is High for Windows-based platforms only because those platforms run the ClamAV scanning process in a privileged security context. The platforms that are highly impacted include Cisco Secure Endpoint Connector for Windows. The SIR for these vulnerabilities is Medium on other platforms, including Linux and Mac platforms, because those platforms run the ClamAV scanning process in a lower-privileged security context. The affected platforms include Secure Endpoint Connector for Linux and Mac. Cisco Secure Endpoint Private Cloud itself is not impacted by these vulnerabilities. However, the Cisco Secure Endpoint Connector software that is distributed from the device is impacted. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR Security Impact Rating: High CVE: CVE-2026-20213,CVE-2026-20214,CVE-2026-20215,CVE-2026-20216,CVE-2026-20217,CVE-2026-20243,CVE-2026-20244
CSIRTS triage
- What
- Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service condition.
- Who is affected
- Deployments of Cisco Secure Endpoint Connector for Windows and other platforms.
- Urgency
- Remediation is high urgency for Windows platforms due to the privileged context of ClamAV.
- Action
- Update Cisco products that utilize ClamAV to the latest version.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch ClamAV
Get an email when a new ClamAV advisory drops — max one per day, one-click unsubscribe.
Details
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-202130.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-202140.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-202150.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202160.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202170.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202430.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202440.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20213 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20214 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20215 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20216 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20217 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20243 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20244 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] ClamAV: Multiple vulnerabilitiescert-bund
- unknownUSN-8517-1: ClamAV vulnerabilitiesubuntu
- highCVE-2026-20244: ClamAV DMG File Processing Denial of Service Vulnerabilitymsrc
- highCVE-2026-20214: ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20215: ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20216: ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerabilitymsrc
- highCVE-2026-20217: ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20213: ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20243: ClamAV ALZ Archive Processing Denial of Service Vulnerabilitymsrc
- unknownMultiple vulnerabilities in Cisco products (July 2, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in ClamAV (July 2, 2026)cert-fr-avis
- highCVE-2026-20244: A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote…nvd
More from Cisco Security Advisories
- unknownCisco Advance Notification for Publication of July 15, 2026, Security Advisories2026-07-08
- criticalCisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities2026-07-06
- highCisco Catalyst Center Arbitrary File Read Vulnerability2026-07-06
- highCisco Advance Notification for Publication of July 1, 2026, Security Advisories2026-07-01
- criticalCisco Unified Communications Manager Server-Side Request Forgery Vulnerability2026-07-01