{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20152", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.386Z", "datePublished": "2026-04-15T16:03:43.828Z", "dateUpdated": "2026-04-15T16:56:35.035Z"}, "containers": {"cna": {"title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd", "name": "cisco-sa-wsa-auth-bypass-6YZkTQhd"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd", "discovery": "EXTERNAL", "defects": ["CSCwr20696"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Authentication Bypass by Primary Weakness", "type": "cwe", "cweId": "CWE-305"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Web Appliance", "versions": [{"version": "11.8.0-453", "status": "affected"}, {"version": "12.5.3-002", "status": "affected"}, {"version": "12.0.3-007", "status": "affected"}, {"version": "12.0.3-005", "status": "affected"}, {"version": "14.1.0-032", "status": "affected"}, {"version": "14.1.0-047", "status": "affected"}, {"version": "14.1.0-041", "status": "affected"}, {"version": "12.0.4-002", "status": "affected"}, {"version": "14.0.2-012", "status": "affected"}, {"version": "11.8.0-414", "status": "affected"}, {"version": "12.0.1-268", "status": "affected"}, {"version": "11.8.1-023", "status": "affected"}, {"version": "11.8.3-021", "status": "affected"}, {"version": "11.8.3-018", "status": "affected"}, {"version": "12.5.1-011", "status": "affected"}, {"version": "11.8.4-004", "status": "affected"}, {"version": "12.5.2-007", "status": "affected"}, {"version": "12.5.2-011", "status": "affected"}, {"version": "14.5.0-498", "status": "affected"}, {"version": "12.5.4-005", "status": "affected"}, {"version": "12.5.4-011", "status": "affected"}, {"version": "12.0.5-011", "status": "affected"}, {"version": "14.0.3-014", "status": "affected"}, {"version": "12.5.5-004", "status": "affected"}, {"version": "12.5.5-005", "status": "affected"}, {"version": "12.5.5-008", "status": "affected"}, {"version": "14.0.4-005", "status": "affected"}, {"version": "14.5.1-008", "status": "affected"}, {"version": "14.5.1-016", "status": "affected"}, {"version": "15.0.0-355", "status": "affected"}, {"version": "15.0.0-322", "status": "affected"}, {"version": "12.5.6-008", "status": "affected"}, {"version": "15.1.0-287", "status": "affected"}, {"version": "14.5.2-011", "status": "affected"}, {"version": "15.2.0-116", "status": "affected"}, {"version": "14.0.5-007", "status": "affected"}, {"version": "15.2.0-164", "status": "affected"}, {"version": "14.5.1-510", "status": "affected"}, {"version": "12.0.2-012", "status": "affected"}, {"version": "12.0.2-004", "status": "affected"}, {"version": "14.5.1-607", "status": "affected"}, {"version": "14.5.3-033", "status": "affected"}, {"version": "15.0.1-004", "status": "affected"}, {"version": "15.2.1-011", "status": "affected"}, {"version": "14.5.0-673", "status": "affected"}, {"version": "14.5.0-537", "status": "affected"}, {"version": "12.0.1-334", "status": "affected"}, {"version": "14.0.1-503", "status": "affected"}, {"version": "14.0.1-053", "status": "affected"}, {"version": "11.8.0-429", "status": "affected"}, {"version": "14.0.1-040", "status": "affected"}, {"version": "14.0.1-014", "status": "affected"}, {"version": "12.5.1-043", "status": "affected"}, {"version": "15.2.2-009", "status": "affected"}, {"version": "15.2.3-007", "status": "affected"}, {"version": "15.2.4-022", "status": "affected"}, {"version": "15.2.5-011", "status": "affected"}, {"version": "15.2.5-013", "status": "affected"}, {"version": "14.6.0-108", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:03:43.828Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T16:47:46.764093Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:35.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20152", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T16:47:46.764093Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:24.673Z"}}], "cna": {"title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability", "source": {"defects": ["CSCwr20696"], "advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Web Appliance", "versions": [{"status": "affected", "version": "11.8.0-453"}, {"status": "affected", "version": "12.5.3-002"}, {"status": "affected", "version": "12.0.3-007"}, {"status": "affected", "version": "12.0.3-005"}, {"status": "affected", "version": "14.1.0-032"}, {"status": "affected", "version": "14.1.0-047"}, {"status": "affected", "version": "14.1.0-041"}, {"status": "affected", "version": "12.0.4-002"}, {"status": "affected", "version": "14.0.2-012"}, {"status": "affected", "version": "11.8.0-414"}, {"status": "affected", "version": "12.0.1-268"}, {"status": "affected", "version": "11.8.1-023"}, {"status": "affected", "version": "11.8.3-021"}, {"status": "affected", "version": "11.8.3-018"}, {"status": "affected", "version": "12.5.1-011"}, {"status": "affected", "version": "11.8.4-004"}, {"status": "affected", "version": "12.5.2-007"}, {"status": "affected", "version": "12.5.2-011"}, {"status": "affected", "version": "14.5.0-498"}, {"status": "affected", "version": "12.5.4-005"}, {"status": "affected", "version": "12.5.4-011"}, {"status": "affected", "version": "12.0.5-011"}, {"status": "affected", "version": "14.0.3-014"}, {"status": "affected", "version": "12.5.5-004"}, {"status": "affected", "version": "12.5.5-005"}, {"status": "affected", "version": "12.5.5-008"}, {"status": "affected", "version": "14.0.4-005"}, {"status": "affected", "version": "14.5.1-008"}, {"status": "affected", "version": "14.5.1-016"}, {"status": "affected", "version": "15.0.0-355"}, {"status": "affected", "version": "15.0.0-322"}, {"status": "affected", "version": "12.5.6-008"}, {"status": "affected", "version": "15.1.0-287"}, {"status": "affected", "version": "14.5.2-011"}, {"status": "affected", "version": "15.2.0-116"}, {"status": "affected", "version": "14.0.5-007"}, {"status": "affected", "version": "15.2.0-164"}, {"status": "affected", "version": "14.5.1-510"}, {"status": "affected", "version": "12.0.2-012"}, {"status": "affected", "version": "12.0.2-004"}, {"status": "affected", "version": "14.5.1-607"}, {"status": "affected", "version": "14.5.3-033"}, {"status": "affected", "version": "15.0.1-004"}, {"status": "affected", "version": "15.2.1-011"}, {"status": "affected", "version": "14.5.0-673"}, {"status": "affected", "version": "14.5.0-537"}, {"status": "affected", "version": "12.0.1-334"}, {"status": "affected", "version": "14.0.1-503"}, {"status": "affected", "version": "14.0.1-053"}, {"status": "affected", "version": "11.8.0-429"}, {"status": "affected", "version": "14.0.1-040"}, {"status": "affected", "version": "14.0.1-014"}, {"status": "affected", "version": "12.5.1-043"}, {"status": "affected", "version": "15.2.2-009"}, {"status": "affected", "version": "15.2.3-007"}, {"status": "affected", "version": "15.2.4-022"}, {"status": "affected", "version": "15.2.5-011"}, {"status": "affected", "version": "15.2.5-013"}, {"status": "affected", "version": "14.6.0-108"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd", "name": "cisco-sa-wsa-auth-bypass-6YZkTQhd"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-305", "description": "Authentication Bypass by Primary Weakness"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:03:43.828Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20152", "state": "PUBLISHED", "dateUpdated": "2026-04-15T16:56:35.035Z", "dateReserved": "2025-10-08T11:59:15.386Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-04-15T16:03:43.828Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."}], "id": "CVE-2026-20152", "lastModified": "2026-04-15T17:17:02.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-04-15T17:17:02.870", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{}