ClamAV CSS Module DoS via Crafted HTML (CVE-2026-20031)
CVE-2026-20031 Published on March 4, 2026
ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
Vulnerability Analysis
CVE-2026-20031 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Uncaught Exception
An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Products Associated with CVE-2026-20031
Want to know whenever a new CVE is published for Cisco Secure Endpoint? stack.watch will email you.
Affected Versions
Cisco Secure Endpoint:- Version 7.0.5 is affected.
- Version 6.2.19 is affected.
- Version 7.3.3 is affected.
- Version 7.2.13 is affected.
- Version 6.1.5 is affected.
- Version 6.3.1 is affected.
- Version 6.2.5 is affected.
- Version 7.3.5 is affected.
- Version 6.2.1 is affected.
- Version 7.2.7 is affected.
- Version 7.1.1 is affected.
- Version 6.3.5 is affected.
- Version 6.2.9 is affected.
- Version 7.3.1 is affected.
- Version 6.1.7 is affected.
- Version 7.2.11 is affected.
- Version 7.2.3 is affected.
- Version 7.1.5 is affected.
- Version 6.3.3 is affected.
- Version 7.3.9 is affected.
- Version 6.2.3 is affected.
- Version 6.1.9 is affected.
- Version 6.0.9 is affected.
- Version 7.2.5 is affected.
- Version 6.0.7 is affected.
- Version 6.3.7 is affected.
- Version 1.12.3 is affected.
- Version 1.8.0 is affected.
- Version 1.11.1 is affected.
- Version 1.12.4 is affected.
- Version 1.10.0 is affected.
- Version 1.12.0 is affected.
- Version 1.8.1 is affected.
- Version 1.10.1 is affected.
- Version 1.12.1 is affected.
- Version 1.12.6 is affected.
- Version 1.14.0 is affected.
- Version 1.10.2 is affected.
- Version 1.12.7 is affected.
- Version 1.12.2 is affected.
- Version 1.6.0 is affected.
- Version 1.9.0 is affected.
- Version 1.11.0 is affected.
- Version 1.7.0 is affected.
- Version 1.13.0 is affected.
- Version 1.8.4 is affected.
- Version 1.13.1 is affected.
- Version 1.9.1 is affected.
- Version 1.12.5 is affected.
- Version 1.13.2 is affected.
- Version 2.0.2 is affected.
- Version 1.1.0 is affected.
- Version 2.0.0 is affected.
- Version 2.0.1 is affected.
- Version 8.1.7.21512 is affected.
- Version 8.1.7 is affected.
- Version 8.1.5 is affected.
- Version 8.1.3.21242 is affected.
- Version 8.1.3 is affected.
- Version 8.1.5.21322 is affected.
- Version 8.1.7.21417 is affected.
- Version 2.1.0.14 is affected.
- Version 2.2.0 is affected.
- Version 2.3.0 is affected.
- Version 2.4.0 is affected.
- Version 2.5.0 is affected.
- Version 2.6.0 is affected.
- Version 2.7.0 is affected.
- Version 2.8.0 is affected.
- Version 2.9.0 is affected.
- Version 2.10.0 is affected.
- Version 2.10.1 is affected.
- Version 2.11.0 is affected.
- Version 1.14.1 is affected.
- Version 1.15.1 is affected.
- Version 1.15.2 is affected.
- Version 1.15.3 is affected.
- Version 1.15.4 is affected.
- Version 1.15.5 is affected.
- Version 1.15.6 is affected.
- Version 1.16.0 is affected.
- Version 1.16.1 is affected.
- Version 1.16.2 is affected.
- Version 1.16.3 is affected.
- Version 1.18.0 is affected.
- Version 1.18.1 is affected.
- Version 1.20.0 is affected.
- Version 1.21.0 is affected.
- Version 1.21.1 is affected.
- Version 1.21.2 is affected.
- Version 1.21.3 is affected.
- Version 1.22.0 is affected.
- Version 1.22.1 is affected.
- Version 1.22.2 is affected.
- Version 1.22.3 is affected.
- Version 1.22.4 is affected.
- Version 1.24.0 is affected.
- Version 1.24.1 is affected.
- Version 1.24.2 is affected.
- Version 1.24.3 is affected.
- Version 1.24.4 is affected.
- Version 1.26.0 is affected.
- Version 1.24.5 is affected.
- Version 1.26.1 is affected.
- Version 1.27.0 is affected.
- Version 1.15.0 is affected.
- Version 1.17.0 is affected.
- Version 1.17.1 is affected.
- Version 1.17.2 is affected.
- Version 1.19.0 is affected.
- Version 1.20.1 is affected.
- Version 1.20.2 is affected.
- Version 1.20.3 is affected.
- Version 1.20.4 is affected.
- Version 1.20.5 is affected.
- Version 1.20.6 is affected.
- Version 1.23.0 is affected.
- Version 1.23.1 is affected.
- Version 1.20.7 is affected.
- Version 1.20.8 is affected.
- Version 1.25.0 is affected.
- Version 1.25.1 is affected.
- Version 1.25.2 is affected.
- Version 1.27.1 is affected.
- Version 1.27.2 is affected.
- Version 7.3.13 is affected.
- Version 7.3.15 is affected.
- Version 7.4.1 is affected.
- Version 7.4.1.20425 is affected.
- Version 7.4.1.20439 is affected.
- Version 7.4.3 is affected.
- Version 7.4.3.20679 is affected.
- Version 7.4.5 is affected.
- Version 7.5.1.20813 is affected.
- Version 7.5.1.20833 is affected.
- Version 7.5.3 is affected.
- Version 7.5.5 is affected.
- Version 8.0.1.21160 is affected.
- Version 8.0.1.21164 is affected.
- Version 7.5.7 is affected.
- Version 7.5.9 is affected.
- Version 7.5.11 is affected.
- Version 8.1.7.21585 is affected.
- Version 7.5.13.21586 is affected.
- Version 7.5.13.21598 is affected.
- Version 8.2.1.21612 is affected.
- Version 8.2.1.21650 is affected.
- Version 7.5.15.21611 is affected.
- Version 7.5.17.21680 is affected.
- Version 8.2.3.30119 is affected.
- Version 8.2.4.30130 is affected.
- Version 8.4.0 is affected.
- Version 7.5.19 is affected.
- Version 8.4.1.30298 is affected.
- Version 8.4.2.30317 is affected.
- Version 8.4.1.30307 is affected.
- Version 7.5.20 is affected.
- Version 8.4.3 is affected.
- Version 8.4.4.30419 is affected.
- Version 8.4.4.30467 is affected.
- Version 7.5.21.21732 is affected.
- Version 8.4.5.30483 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.