Improper neutralization of special elements in Cisco Adaptive Security Appliance (ASA) - CVE-2026-20009
Published: March 5, 2026
Vulnerability identifier: #VU123563
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20009
CWE-ID: CWE-138
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Adaptive Security Appliance (ASA)
Cisco Adaptive Security Appliance (ASA)
Detailed vulnerability description
The vulnerability allows a remote attacker to impersonate other users.
The vulnerability exists due to insufficient validation of user input during the SSH authentication phase in the implementation of the proprietary SSH stack with SSH key-based authentication. A remote attacker with knowledge of username and the associated public key can submit specially crafted input during SSH authentication to an affected device and log in to the device as a specific user without the private SSH key of that user.
How to mitigate CVE-2026-20009
Install updates from vendor's website.