CVE-2026-20082
Published: 04 March 2026
Summary
CVE-2026-20082 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Network Flood (T1498.001); ranked at the 36.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely patching of the flaw in embryonic connection handling during TCP SYN floods.
Implements denial-of-service protections specifically against TCP SYN flood attacks that trigger the improper dropping of legitimate connections.
Ensures resource availability for connection tables and limits embryonic connections to prevent exhaustion and DoS from floods.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability facilitates denial-of-service via crafted TCP SYN flood traffic, directly enabling Network Denial of Service through Direct Network Flood.
NVD Description
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to…
more
improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features.
Deeper analysisAI
CVE-2026-20082 is a vulnerability in the handling of embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. The issue causes incoming TCP SYN packets to be dropped incorrectly due to improper processing of new TCP connections destined for management or data interfaces during a TCP SYN flood attack.
An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted stream of traffic to an affected device. Successful exploitation prevents all incoming TCP connections from being established, including remote management access, Remote Access VPN (RAVPN) connections, and TCP-based network protocols, resulting in a denial-of-service (DoS) condition. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-772.
The Cisco Security Advisory provides details on mitigation and patch information at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-FCvLD6vR.
Details
- CWE(s)