CVE-2026-20102
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information. This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.
| CWE | CWE-79 |
| Vendor | cisco |
| Product | cisco secure firewall adaptive security appliance (asa) software |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Mar 4, 2026 |
| Last Updated | Mar 4, 2026 |
Get instant alerts for cisco cisco secure firewall adaptive security appliance (asa) software
Be the first to know when new medium vulnerabilities affecting cisco cisco secure firewall adaptive security appliance (asa) software are published โ delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N