What is the CVSS score of CVE-2026-20039?

CVE-2026-20039 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Cisco are affected by CVE-2026-20039?

Cisco Secure Firewall devices (ASA and FTD) are vulnerable to unauthenticated remote denial-of-service attacks that could disrupt VPN access for remote workers and branch offices.

Cisco CVE-2026-20039

HIGH

Improper Clearing of Heap Memory Before Release ('Heap Inspection') (CWE-244)

2026-03-04 psirt@cisco.com

Denial Of Service Cisco

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 16, 2026 - 20:07 vuln.today

cvss_changed

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 04, 2026 - 18:16 nvd

HIGH 8.6

DescriptionNVD

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to ineffective memory management of the VPN web server. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

AnalysisAI

Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. …

RemediationAI

Within 24 hours: Inventory all Cisco ASA and FTD appliances and assess internet-facing VPN exposure. Within 7 days: Implement network segmentation and access controls to restrict VPN portal access to known IP ranges, and enable detailed logging for anomaly detection. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-20039 vulnerability details – vuln.today

Back

Cisco CVE-2026-20039

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code