A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*"
],
"vendor_product": "cisco:secure_endpoint",
"extracted_events": [
{
"fixed": "1.27.2"
},
{
"fixed": "1.29.0"
},
{
"fixed": "8.6.2"
}
]
}
]
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.4.5"
},
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.3"
}
],
"cpe": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*"
}"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-20216.json"
[
{
"source": "https://github.com/cisco-talos/clamav/commit/b970812e9b6427e361c362762d94f7356597efe4",
"digest": {
"line_hashes": [
"292730809324198135824456427123530982316",
"48909975112402718040840392598089442483",
"244709564196882964306236474155638759448",
"70870381860622873231048469217867683607",
"48280512302990451540812787021173843633",
"84063886632477573345883041956578632475",
"306992310433978823207970714918426559768"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libclamav/bytecode_api.h"
},
"id": "CVE-2026-20216-42df490f"
},
{
"source": "https://github.com/cisco-talos/clamav/commit/e8b337754d18b6bc46d565e7b6d82843debb4793",
"digest": {
"line_hashes": [
"25980081304948595529773044318868766445",
"139490683882163062933958223590198381964",
"30447695047841737820267435943470810888",
"167323549575839547577856716504685264826"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libclamav/bytecode_api.h"
},
"id": "CVE-2026-20216-ad39e5e0"
}
]
"2026-07-15T07:30:13Z"