CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

ClamAV Vulnerabilities Affecting Cisco Products: July 2026

highCVE-2026-20213CVE-2026-20214CVE-2026-20215CVE-2026-20216CVE-2026-20217CVE-2026-20243
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service (DoS) condition, interrupting scanning operations. For more information about these vulnerabilities, see the Details section of this advisory. For additional information on these vulnerabilities in ClamAV, see the ClamAV blog . Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Notes: The Security Impact Rating (SIR) for these vulnerabilities is High for Windows-based platforms only because those platforms run the ClamAV scanning process in a privileged security context. The platforms that are highly impacted include Cisco Secure Endpoint Connector for Windows. The SIR for these vulnerabilities is Medium on other platforms, including Linux and Mac platforms, because those platforms run the ClamAV scanning process in a lower-privileged security context. The affected platforms include Secure Endpoint Connector for Linux and Mac. Cisco Secure Endpoint Private Cloud itself is not impacted by these vulnerabilities. However, the Cisco Secure Endpoint Connector software that is distributed from the device is impacted. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR Security Impact Rating: High CVE: CVE-2026-20213,CVE-2026-20214,CVE-2026-20215,CVE-2026-20216,CVE-2026-20217,CVE-2026-20243,CVE-2026-20244

CSIRTS triage

What
Multiple vulnerabilities in ClamAV could allow a remote attacker to cause a denial of service condition.
Who is affected
Deployments of Cisco Secure Endpoint Connector for Windows and other platforms.
Urgency
Remediation is high urgency for Windows platforms due to the privileged context of ClamAV.
Action
Update Cisco products that utilize ClamAV to the latest version.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch ClamAV

Get an email when a new ClamAV advisory drops — max one per day, one-click unsubscribe.

Details

Source
Cisco Security Advisories (INTL · vendor-psirt · site)
Severity
high
Published
2026-07-02
Exploitation
Not in CISA KEV at last sync

Original advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=ClamAV%20Vulnerabilities%20Affecting%20Cisco%20Products:%20July%202026%26vs_k=1

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-20213coverage & exploitation statusNVD · CVE.org
CVE-2026-20214coverage & exploitation statusNVD · CVE.org
CVE-2026-20215coverage & exploitation statusNVD · CVE.org
CVE-2026-20216coverage & exploitation statusNVD · CVE.org
CVE-2026-20217coverage & exploitation statusNVD · CVE.org
CVE-2026-20243coverage & exploitation statusNVD · CVE.org
CVE-2026-20244coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from Cisco Security Advisories