Multiple vulnerabilities in ClamAV (July 2, 2026)
Multiple vulnerabilities have been discovered in ClamAV. They allow an attacker to cause denial of service and an unspecified security issue by the vendor.
CSIRTS triage
- What
- Multiple vulnerabilities allow for denial of service and an unspecified security issue.
- Who is affected
- Users of ClamAV are affected.
- Urgency
- Remediation is urgent due to the potential for exploitation.
- Action
- Apply patches or mitigations as provided by ClamAV.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch ClamAV
Get an email when a new ClamAV advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0824/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-202160.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202430.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202150.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202130.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-202140.46% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-202170.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-202440.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-416760.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20216 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20243 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20215 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20213 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20214 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20217 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20244 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-41676 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] ClamAV: Multiple vulnerabilitiescert-bund
- unknownUSN-8517-1: ClamAV vulnerabilitiesubuntu
- highClamAV Vulnerabilities Affecting Cisco Products: July 2026cisco-psirt
- highCVE-2026-20244: ClamAV DMG File Processing Denial of Service Vulnerabilitymsrc
- highCVE-2026-20214: ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20215: ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20216: ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerabilitymsrc
- highCVE-2026-20217: ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20213: ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc
- highCVE-2026-20243: ClamAV ALZ Archive Processing Denial of Service Vulnerabilitymsrc
- unknownMultiple vulnerabilities in Cisco products (July 2, 2026)cert-fr-avis
- highCVE-2026-20244: A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote…nvd
Recent advisories for ClamAV
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- medium[UPDATE] [medium] ClamAV: Multiple vulnerabilitiescert-bund · 2026-07-10
- unknownUSN-8517-1: ClamAV vulnerabilitiesubuntu · 2026-07-08
- highClamAV Vulnerabilities Affecting Cisco Products: July 2026cisco-psirt · 2026-07-02
- highCVE-2026-20215: ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc · 2026-07-02
- highCVE-2026-20214: ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerabilitymsrc · 2026-07-02
- highCVE-2026-20216: ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerabilitymsrc · 2026-07-02
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10