What is the CVSS score of CVE-2026-20073?

CVE-2026-20073 has a CVSS 3.1 base score of 5.8 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Cisco are affected by CVE-2026-20073?

CVE-2026-20073 presents moderate security risk, a improper access control vulnerability rated CVSS 5.8. Exploitation could compromise the security of affected deployments.

Cisco CVE-2026-20073

MEDIUM

Improper Access Control (CWE-284)

2026-03-04 psirt@cisco.com

Authentication Bypass Cisco

5.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 04, 2026 - 18:16 nvd

MEDIUM 5.8

DescriptionNVD

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device.

This vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks.

AnalysisAI

Unauthenticated remote attackers can bypass firewall access controls on Cisco Secure Firewall ASA and FTD devices by exploiting improper error handling during cluster memory exhaustion when syncing security rules. This allows attackers to send traffic that should be blocked through affected devices to reach protected networks. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-20073 vulnerability details – vuln.today

Back

Cisco CVE-2026-20073

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code