CVE-2026-20031

{"id": "CVE-2026-20031", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-03-04T18:16:16.773", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo HTML Cascading Style Sheets (CSS) de ClamAV podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado.\n\nEsta vulnerabilidad se debe a un manejo de errores inadecuado al dividir cadenas UTF-8. Un atacante podr\u00eda explotar esta vulnerabilidad al enviar un archivo HTML manipulado para ser escaneado por ClamAV en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante terminar el proceso de escaneo."}], "lastModified": "2026-03-05T19:39:11.967", "sourceIdentifier": "psirt@cisco.com"}