Description
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
Published: 2026-03-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A defect in the CSS handling component of ClamAV leads to improper error handling when splitting UTF-8 strings. When a maliciously crafted HTML file is scanned, this flaw can terminate the scanning process, resulting in a denial of service on the affected device. The vulnerability is a classic example of CWE-248, undefined behavior caused by improper handling of error conditions.

Affected Systems

The flaw is reported to affect Cisco Secure Endpoint devices that rely on ClamAV for scanning. No specific version range is supplied in the advisory, so any deployment of ClamAV within this product line should be treated with caution until a patch can be applied.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score is less than 1%, suggesting that exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an unauthenticated attacker to provide a crafted HTML file that ClamAV will process, a condition that may arise if the device accepts arbitrary user-supplied content for scanning.

Generated by OpenCVE AI on April 17, 2026 at 13:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Secure Endpoint patch that includes the ClamAV CSS parsing fix.
  • If a patch is not immediately available, isolate the CSS processing capability by disabling the CSS module or preventing ClamAV from scanning CSS-related files.
  • Continue to monitor system logs for repeated crashes or abnormal termination of the scanning process and block any source that repeatedly submits malformed MIME objects.
  • Ensure any external interfaces that admit files for scanning enforce strict content validation to prevent delivery of crafted HTML.

Generated by OpenCVE AI on April 17, 2026 at 13:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco secure Endpoint
Vendors & Products Cisco
Cisco secure Endpoint

Wed, 04 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
Title ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability
Weaknesses CWE-248
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Cisco Secure Endpoint
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-05T15:52:07.708Z

Reserved: 2025-10-08T11:59:15.353Z

Link: CVE-2026-20031

cve-icon Vulnrichment

Updated: 2026-03-05T15:52:03.337Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-04T18:16:16.773

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20031

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:15:19Z

Weaknesses