{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20152", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.386Z", "datePublished": "2026-04-15T16:03:43.828Z", "dateUpdated": "2026-04-15T16:56:35.035Z"}, "containers": {"cna": {"title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd", "name": "cisco-sa-wsa-auth-bypass-6YZkTQhd"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd", "discovery": "EXTERNAL", "defects": ["CSCwr20696"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Authentication Bypass by Primary Weakness", "type": "cwe", "cweId": "CWE-305"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Web Appliance", "versions": [{"version": "11.8.0-453", "status": "affected"}, {"version": "12.5.3-002", "status": "affected"}, {"version": "12.0.3-007", "status": "affected"}, {"version": "12.0.3-005", "status": "affected"}, {"version": "14.1.0-032", "status": "affected"}, {"version": "14.1.0-047", "status": "affected"}, {"version": "14.1.0-041", "status": "affected"}, {"version": "12.0.4-002", "status": "affected"}, {"version": "14.0.2-012", "status": "affected"}, {"version": "11.8.0-414", "status": "affected"}, {"version": "12.0.1-268", "status": "affected"}, {"version": "11.8.1-023", "status": "affected"}, {"version": "11.8.3-021", "status": "affected"}, {"version": "11.8.3-018", "status": "affected"}, {"version": "12.5.1-011", "status": "affected"}, {"version": "11.8.4-004", "status": "affected"}, {"version": "12.5.2-007", "status": "affected"}, {"version": "12.5.2-011", "status": "affected"}, {"version": "14.5.0-498", "status": "affected"}, {"version": "12.5.4-005", "status": "affected"}, {"version": "12.5.4-011", "status": "affected"}, {"version": "12.0.5-011", "status": "affected"}, {"version": "14.0.3-014", "status": "affected"}, {"version": "12.5.5-004", "status": "affected"}, {"version": "12.5.5-005", "status": "affected"}, {"version": "12.5.5-008", "status": "affected"}, {"version": "14.0.4-005", "status": "affected"}, {"version": "14.5.1-008", "status": "affected"}, {"version": "14.5.1-016", "status": "affected"}, {"version": "15.0.0-355", "status": "affected"}, {"version": "15.0.0-322", "status": "affected"}, {"version": "12.5.6-008", "status": "affected"}, {"version": "15.1.0-287", "status": "affected"}, {"version": "14.5.2-011", "status": "affected"}, {"version": "15.2.0-116", "status": "affected"}, {"version": "14.0.5-007", "status": "affected"}, {"version": "15.2.0-164", "status": "affected"}, {"version": "14.5.1-510", "status": "affected"}, {"version": "12.0.2-012", "status": "affected"}, {"version": "12.0.2-004", "status": "affected"}, {"version": "14.5.1-607", "status": "affected"}, {"version": "14.5.3-033", "status": "affected"}, {"version": "15.0.1-004", "status": "affected"}, {"version": "15.2.1-011", "status": "affected"}, {"version": "14.5.0-673", "status": "affected"}, {"version": "14.5.0-537", "status": "affected"}, {"version": "12.0.1-334", "status": "affected"}, {"version": "14.0.1-503", "status": "affected"}, {"version": "14.0.1-053", "status": "affected"}, {"version": "11.8.0-429", "status": "affected"}, {"version": "14.0.1-040", "status": "affected"}, {"version": "14.0.1-014", "status": "affected"}, {"version": "12.5.1-043", "status": "affected"}, {"version": "15.2.2-009", "status": "affected"}, {"version": "15.2.3-007", "status": "affected"}, {"version": "15.2.4-022", "status": "affected"}, {"version": "15.2.5-011", "status": "affected"}, {"version": "15.2.5-013", "status": "affected"}, {"version": "14.6.0-108", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:03:43.828Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T16:47:46.764093Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:35.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T16:47:46.764093Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:24.673Z"}}], "cna": {"title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability", "source": {"defects": ["CSCwr20696"], "advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Web Appliance", "versions": [{"status": "affected", "version": "11.8.0-453"}, {"status": "affected", "version": "12.5.3-002"}, {"status": "affected", "version": "12.0.3-007"}, {"status": "affected", "version": "12.0.3-005"}, {"status": "affected", "version": "14.1.0-032"}, {"status": "affected", "version": "14.1.0-047"}, {"status": "affected", "version": "14.1.0-041"}, {"status": "affected", "version": "12.0.4-002"}, {"status": "affected", "version": "14.0.2-012"}, {"status": "affected", "version": "11.8.0-414"}, {"status": "affected", "version": "12.0.1-268"}, {"status": "affected", "version": "11.8.1-023"}, {"status": "affected", "version": "11.8.3-021"}, {"status": "affected", "version": "11.8.3-018"}, {"status": "affected", "version": "12.5.1-011"}, {"status": "affected", "version": "11.8.4-004"}, {"status": "affected", "version": "12.5.2-007"}, {"status": "affected", "version": "12.5.2-011"}, {"status": "affected", "version": "14.5.0-498"}, {"status": "affected", "version": "12.5.4-005"}, {"status": "affected", "version": "12.5.4-011"}, {"status": "affected", "version": "12.0.5-011"}, {"status": "affected", "version": "14.0.3-014"}, {"status": "affected", "version": "12.5.5-004"}, {"status": "affected", "version": "12.5.5-005"}, {"status": "affected", "version": "12.5.5-008"}, {"status": "affected", "version": "14.0.4-005"}, {"status": "affected", "version": "14.5.1-008"}, {"status": "affected", "version": "14.5.1-016"}, {"status": "affected", "version": "15.0.0-355"}, {"status": "affected", "version": "15.0.0-322"}, {"status": "affected", "version": "12.5.6-008"}, {"status": "affected", "version": "15.1.0-287"}, {"status": "affected", "version": "14.5.2-011"}, {"status": "affected", "version": "15.2.0-116"}, {"status": "affected", "version": "14.0.5-007"}, {"status": "affected", "version": "15.2.0-164"}, {"status": "affected", "version": "14.5.1-510"}, {"status": "affected", "version": "12.0.2-012"}, {"status": "affected", "version": "12.0.2-004"}, {"status": "affected", "version": "14.5.1-607"}, {"status": "affected", "version": "14.5.3-033"}, {"status": "affected", "version": "15.0.1-004"}, {"status": "affected", "version": "15.2.1-011"}, {"status": "affected", "version": "14.5.0-673"}, {"status": "affected", "version": "14.5.0-537"}, {"status": "affected", "version": "12.0.1-334"}, {"status": "affected", "version": "14.0.1-503"}, {"status": "affected", "version": "14.0.1-053"}, {"status": "affected", "version": "11.8.0-429"}, {"status": "affected", "version": "14.0.1-040"}, {"status": "affected", "version": "14.0.1-014"}, {"status": "affected", "version": "12.5.1-043"}, {"status": "affected", "version": "15.2.2-009"}, {"status": "affected", "version": "15.2.3-007"}, {"status": "affected", "version": "15.2.4-022"}, {"status": "affected", "version": "15.2.5-011"}, {"status": "affected", "version": "15.2.5-013"}, {"status": "affected", "version": "14.6.0-108"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd", "name": "cisco-sa-wsa-auth-bypass-6YZkTQhd"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-305", "description": "Authentication Bypass by Primary Weakness"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:03:43.828Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20152", "state": "PUBLISHED", "dateUpdated": "2026-04-15T16:56:35.035Z", "dateReserved": "2025-10-08T11:59:15.386Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-04-15T16:03:43.828Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."}], "id": "CVE-2026-20152", "lastModified": "2026-04-15T17:17:02.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-04-15T17:17:02.870", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T19:19:36.356084+00:00", "value": {"mitigation_remediation": ["Apply the latest Cisco Secure Web Appliance patch that addresses the authentication service issue", "If the authentication service feature is not required, disable it to eliminate the attack surface", "Configure network perimeter controls or firewall rules to restrict unintended HTTP authentication traffic to the appliance"], "summary": {"action": "Apply Patch", "impact": "Authentication policy bypass enabling unauthenticated traffic to circumvent enforcement"}, "threat_synthesis": {"affected_systems": "Cisco Secure Web Appliance running Cisco AsyncOS Software, with no specific version details reported. All deployments of this product are potentially affected until a patch is applied.", "description_and_impact": "A flaw in Cisco Secure Web Appliance\u2019s authentication service lets an unauthenticated attacker inject crafted HTTP authentication requests that the system fails to properly validate. The result is an ability to circumvent the device\u2019s policy enforcement, allowing traffic that would normally be blocked to pass through. Although the appliance itself is not directly damaged, the vulnerability enables an attacker to misuse the device as a conduit for unauthorized traffic.", "risk_and_exploitability": "The CVSS score of 5.3 places the vulnerability in the medium severity range. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, indicating no public exploitation reports yet. The attack vector is inferred to be remote, unauthenticated HTTP interaction, requiring only the ability to send HTTP requests to the device. If exploited, it could allow policy\u2011evasion traffic, posing a moderate risk to network security."}}}}, "created": "2026-04-15T19:30:12.381767+00:00", "updated": "2026-04-15T19:30:12.381779+00:00", "vendors": []}