Multiple vulnerabilities in Cisco products (July 2, 2026)
Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to cause a remote denial of service and a breach of data confidentiality.
- Who is affected
- Users of affected Cisco products.
- Urgency
- Remediation is urgent due to the potential for remote denial of service and data confidentiality breaches, with unknown exploitation status.
- Action
- Upgrade to the fixed software as indicated in the advisories.
AI-assisted analysis generated from the source advisory — verify against the original.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0825/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-202160.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202430.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202150.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202130.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-202140.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-202170.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202440.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-201910.76% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 51% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20216 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20243 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20215 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20213 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20214 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20217 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20244 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20191 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] ClamAV: Multiple vulnerabilitiescert-bund
- unknownUSN-8517-1: ClamAV vulnerabilitiesubuntu
- highCisco Catalyst Center Arbitrary File Read Vulnerabilitycisco-psirt
- medium[UPDATE] [medium] Cisco Catalyst Center: Vulnerability Allows Information Disclosurecert-bund
- highClamAV Vulnerabilities Affecting Cisco Products: July 2026cisco-psirt
- unknownNCSC-2026-0218 [1.00] [M/H] Vulnerability fixed in Cisco Catalyst Centerncsc-nl
- highCVE-2026-20244: ClamAV DMG File Processing Denial of Service Vulnerabilitymsrc
- highCVE-2026-20214: ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20215: ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20216: ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerabilitymsrc
- highCVE-2026-20217: ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20213: ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
Recent advisories for Cisco products
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- highClamAV Vulnerabilities Affecting Cisco Products: July 2026cisco-psirt · 2026-07-02
- criticalexploited2026-002: Multiple Vulnerabilities in Cisco Productscert-eu · 2026-02-26
- criticalexploitedCVE-2026-20045: Cisco Unified Communications Products Code Injection Vulnerabilitycisa-kev · 2026-01-21
- criticalexploitedCVE-2025-20393: Cisco Multiple Products Improper Input Validation Vulnerabilitycisa-kev · 2025-12-17
- unknownexploitedMultiple vulnerabilities in Cisco products (April 25, 2024)cert-fr-alerte · 2024-04-25
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10