CVE-2026-20216

Source
https://cve.org/CVERecord?id=CVE-2026-20216
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-20216.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-20216
Downstream
Related
Published
2026-07-01T17:16:29.973Z
Modified
2026-07-15T07:30:13.444321Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.

This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
                "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
                "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*"
            ],
            "vendor_product": "cisco:secure_endpoint",
            "extracted_events": [
                {
                    "fixed": "1.27.2"
                },
                {
                    "fixed": "1.29.0"
                },
                {
                    "fixed": "8.6.2"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/cisco-talos/clamav

Affected ranges

Type
GIT
Repo
https://github.com/cisco-talos/clamav
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.5"
        },
        {
            "introduced": "1.5.0"
        },
        {
            "fixed": "1.5.3"
        }
    ],
    "cpe": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*"
}

Affected versions

clamav-0.*
clamav-0.101.0
clamav-0.102.0
clamav-0.103.0
clamav-0.103.0-rc
clamav-0.103.0-rc2
clamav-0.105.0
clamav-0.105.0-rc
clamav-0.105.0-rc2
clamav-0.96
clamav-0.96.2
clamav-0.96.3
clamav-0.96.4
clamav-0.96.5
clamav-0.96rc1
clamav-0.96rc2
clamav-0.97
clamav-0.97rc
clamav-1.*
clamav-1.0.0
clamav-1.0.0-rc
clamav-1.0.0-rc2
clamav-1.1.0
clamav-1.1.0-rc
clamav-1.2.0
clamav-1.2.0-rc
clamav-1.3.0
clamav-1.3.0-rc
clamav-1.3.0-rc2
clamav-1.4.0
clamav-1.4.0-rc
clamav-1.4.1
clamav-1.4.2
clamav-1.4.3
clamav-1.4.4
clamav-1.5.0
clamav-1.5.1
clamav-1.5.2
Other
merge-llvm-97877
r5076

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-20216.json"
vanir_signatures
[
    {
        "source": "https://github.com/cisco-talos/clamav/commit/b970812e9b6427e361c362762d94f7356597efe4",
        "digest": {
            "line_hashes": [
                "292730809324198135824456427123530982316",
                "48909975112402718040840392598089442483",
                "244709564196882964306236474155638759448",
                "70870381860622873231048469217867683607",
                "48280512302990451540812787021173843633",
                "84063886632477573345883041956578632475",
                "306992310433978823207970714918426559768"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "libclamav/bytecode_api.h"
        },
        "id": "CVE-2026-20216-42df490f"
    },
    {
        "source": "https://github.com/cisco-talos/clamav/commit/e8b337754d18b6bc46d565e7b6d82843debb4793",
        "digest": {
            "line_hashes": [
                "25980081304948595529773044318868766445",
                "139490683882163062933958223590198381964",
                "30447695047841737820267435943470810888",
                "167323549575839547577856716504685264826"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "libclamav/bytecode_api.h"
        },
        "id": "CVE-2026-20216-ad39e5e0"
    }
]
vanir_signatures_modified
"2026-07-15T07:30:13Z"