Description
Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash.

This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.
Published: 2026-03-04
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

The vulnerability stems from improper range checking during the decompression of user‑controlled VBA data in Snort 3. This flaw can lead to a heap overflow that crashes the Snort 3 Detection Engine, resulting in a Denial of Service that renders the engine unavailable until it is restarted. The weakness is classified as CWE‑122.

Affected Systems

The flaw affects Cisco products that incorporate Snort 3’s VBA capability, including Cisco Cyber Vision, Cisco Secure Firewall Threat Defense (FTD) Software, and Cisco UTD SNORT IPS Engine Software. No specific version numbers are published in the advisory, so organizations should verify whether their deployed firmware or software matches the impacted components described in the Cisco advisory.

Risk and Exploitability

The CVSS score of 5.8 indicates medium severity, and the EPSS score of less than 1% points to a low likelihood of exploitation in the wild. The vulnerability can be triggered by any remote party that can send crafted VBA data to the detection engine; no authentication is required. The heap overflow is described as crashing the detection engine, not as enabling arbitrary code execution. The vulnerability is not listed in the CISA KEV catalog, further suggesting that widespread exploitation has not been observed.

Generated by OpenCVE AI on April 16, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest Cisco Secure Firewall Threat Defense and associated software releases that contain the official fix as detailed in the Cisco advisory
  • If a patch is unavailable or cannot be applied immediately, disable the Snort 3 VBA feature or restrict its input to prevent the vulnerable code path from executing
  • Implement monitoring of the Snort 3 Detection Engine for abnormal crashes or memory‑overrun indicators, and create alerts for these events to enable rapid incident response

Advisories

No advisories yet.

History

Fri, 06 Mar 2026 15:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Cisco; Cisco cisco Utd Snort Ips Engine Software; Cisco cyber Vision; Cisco secure Firewall Threat Defense

Type: Vendors & Products
Values Removed: (none)
Values Added: Cisco; Cisco cisco Utd Snort Ips Engine Software; Cisco cyber Vision; Cisco secure Firewall Threat Defense

Wed, 04 Mar 2026 22:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 18:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition.

Type: Title
Values Removed: (none)
Values Added: Cisco Secure Firewall Threat Defense Software Snort 3 Visual Basic for Application Heap Overflow Denial of Service Vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-122

Type: References

Type: Metrics (cvssV3_1)
Values Removed: (none)
Values Added: {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-04T21:25:01.489Z

Reserved: 2025-10-08T11:59:15.355Z

Link: CVE-2026-20053

Vulnrichment

Updated: 2026-03-04T21:24:57.785Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:19.607

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20053

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T13:30:16Z

Weaknesses