{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T18:36:37.714","vulnerabilities":[{"cve":{"id":"CVE-2026-20056","sourceIdentifier":"psirt@cisco.com","published":"2026-02-04T17:16:13.927","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded.\r\n\r\nThis vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file. "},{"lang":"es","value":"Una vulnerabilidad en la implementación del motor Dynamic Vectoring and Streaming (DVS) de Cisco AsyncOS Software para Cisco Secure Web Appliance podría permitir a un atacante remoto no autenticado eludir el escáner anti-malware, permitiendo la descarga de archivos comprimidos maliciosos.\n\nEsta vulnerabilidad se debe a un manejo inadecuado de ciertos archivos comprimidos. Un atacante podría explotar esta vulnerabilidad enviando un archivo comprimido manipulado, que debería ser bloqueado, a través de un dispositivo afectado. Un exploit exitoso podría permitir al atacante eludir el escáner anti-malware y descargar malware en una estación de trabajo de usuario final. El malware descargado no se ejecutará automáticamente a menos que el usuario final extraiga y ejecute el archivo malicioso."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-494"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF","source":"psirt@cisco.com"}]}}]}