CVE-2026-20105
Published: 04 March 2026
Summary
CVE-2026-20105 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the root cause by requiring validation of user-supplied inputs to prevent crafted packets from exhausting device memory in the SSL VPN functionality.
Provides denial-of-service protections tailored to block memory exhaustion attacks from authenticated remote VPN connections using crafted packets.
Ensures availability of critical resources like memory against exhaustion by limiting allocation and usage during remote SSL VPN sessions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory exhaustion via crafted packets over authenticated SSL VPN directly enables application/system exploitation to trigger device reload and DoS.
NVD Description
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory…
more
resulting in a denial of service (DoS) condition.This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation. An attacker could exploit this vulnerability by sending crafted packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Deeper analysisAI
CVE-2026-20105 is a memory exhaustion vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. The issue arises from the software trusting user input without proper validation, which could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory. This vulnerability does not affect the management or MUS interfaces and is rated with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), associated with CWE-401 (Memory Buffer of Resource Management Errors).
An attacker must possess a valid, authenticated Remote Access SSL VPN connection to exploit this vulnerability. By sending crafted packets to the VPN server, the attacker can trigger memory exhaustion on the device, leading to a reload and a denial-of-service (DoS) condition that disrupts VPN services.
Cisco has published a security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC providing details on the vulnerability, affected versions, and recommended mitigation steps, including software updates.
Details
- CWE(s)