A vulnerability in the Cisco Secure Web Appliance's Dynamic Vectoring and Streaming (DVS) Engine allows an unauthenticated, remote attacker to bypass the anti-malware scanner by sending a crafted archive file through an affected device (CVE-2026-20056). This improper handling of certain archive files could allow malware to be downloaded onto an end user's workstation. Cisco has released software updates to address this vulnerability; there are no workarounds available. The security impact rating is Medium.
A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is due to improper handling of certain archive files. An attacker could exploit this vulnerability by sending a crafted archive file, which should be blocked, through an affected device. A successful exploit could allow the attacker to bypass the anti-malware scanner and download malware onto an end user workstation. The downloaded malware will not automatically execute unless the end user extracts and launches the malicious file. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20056