Home

Description

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could exploit this vulnerability by sending crafted SAML messages to the SAML service. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

PUBLISHED Reserved 2025-10-08 | Published 2026-03-04 | Updated 2026-03-05 | Assigner cisco




HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Problem types

Use of Insufficiently Random Values

Product status

9.12.1
affected

9.12.1.2
affected

9.12.1.3
affected

9.12.2
affected

9.12.2.4
affected

9.12.2.5
affected

9.12.2.9
affected

9.12.3
affected

9.12.3.2
affected

9.12.3.7
affected

9.12.4
affected

9.12.3.12
affected

9.12.3.9
affected

9.12.2.1
affected

9.12.4.2
affected

9.12.4.4
affected

9.12.4.7
affected

9.12.4.10
affected

9.12.4.13
affected

9.12.4.8
affected

9.12.4.18
affected

9.12.4.24
affected

9.12.4.26
affected

9.12.4.29
affected

9.12.4.30
affected

9.12.4.35
affected

9.12.4.37
affected

9.12.4.38
affected

9.12.4.39
affected

9.12.4.40
affected

9.12.4.41
affected

9.12.4.47
affected

9.12.4.48
affected

9.12.4.50
affected

9.12.4.52
affected

9.12.4.54
affected

9.12.4.55
affected

9.12.4.56
affected

9.12.4.58
affected

9.12.4.62
affected

9.12.4.65
affected

9.12.4.67
affected

9.16.1
affected

9.16.1.28
affected

9.16.2
affected

9.16.2.3
affected

9.16.2.7
affected

9.16.2.11
affected

9.16.2.13
affected

9.16.2.14
affected

9.16.3
affected

9.16.3.3
affected

9.16.3.14
affected

9.16.3.15
affected

9.16.3.19
affected

9.16.3.23
affected

9.16.4
affected

9.16.4.9
affected

9.16.4.14
affected

9.16.4.19
affected

9.16.4.27
affected

9.16.4.38
affected

9.16.4.39
affected

9.16.4.42
affected

9.16.4.48
affected

9.16.4.55
affected

9.16.4.57
affected

9.16.4.61
affected

9.16.4.62
affected

9.16.4.67
affected

9.16.4.70
affected

9.16.4.71
affected

9.16.4.76
affected

9.16.4.82
affected

9.16.4.84
affected

9.17.1
affected

9.17.1.7
affected

9.17.1.9
affected

9.17.1.10
affected

9.17.1.11
affected

9.17.1.13
affected

9.17.1.15
affected

9.17.1.20
affected

9.17.1.30
affected

9.17.1.33
affected

9.17.1.39
affected

9.17.1.45
affected

9.17.1.46
affected

9.18.1
affected

9.18.1.3
affected

9.18.2
affected

9.18.2.5
affected

9.18.2.7
affected

9.18.2.8
affected

9.18.3
affected

9.18.3.39
affected

9.18.3.46
affected

9.18.3.53
affected

9.18.3.55
affected

9.18.3.56
affected

9.18.4
affected

9.18.4.5
affected

9.18.4.8
affected

9.18.4.22
affected

9.18.4.24
affected

9.18.4.29
affected

9.18.4.34
affected

9.18.4.40
affected

9.18.4.47
affected

9.18.4.50
affected

9.18.4.52
affected

9.18.4.53
affected

9.18.4.57
affected

9.19.1
affected

9.19.1.5
affected

9.19.1.9
affected

9.19.1.12
affected

9.19.1.18
affected

9.19.1.22
affected

9.19.1.24
affected

9.19.1.27
affected

9.19.1.28
affected

9.19.1.31
affected

9.19.1.37
affected

9.19.1.38
affected

9.19.1.42
affected

9.20.1
affected

9.20.1.5
affected

9.20.2
affected

9.20.2.10
affected

9.20.2.21
affected

9.20.2.22
affected

9.20.3
affected

9.20.3.4
affected

9.20.3.7
affected

9.20.3.9
affected

9.20.3.10
affected

9.20.3.13
affected

9.20.3.16
affected

9.20.3.20
affected

9.22.1.1
affected

9.22.1.3
affected

9.22.1.2
affected

9.22.1.6
affected

9.22.2
affected

9.23.1
affected

9.23.1.3
affected

6.4.0
affected

6.4.0.1
affected

6.4.0.3
affected

6.4.0.2
affected

6.4.0.4
affected

6.4.0.5
affected

6.4.0.6
affected

6.4.0.7
affected

6.4.0.8
affected

6.4.0.9
affected

6.4.0.10
affected

6.4.0.11
affected

6.4.0.12
affected

6.4.0.13
affected

6.4.0.14
affected

6.4.0.15
affected

6.4.0.16
affected

6.4.0.17
affected

6.4.0.18
affected

7.0.0
affected

7.0.0.1
affected

7.0.1
affected

7.0.1.1
affected

7.0.2
affected

7.0.2.1
affected

7.0.3
affected

7.0.4
affected

7.0.5
affected

7.0.6
affected

7.0.6.1
affected

7.0.6.2
affected

7.0.6.3
affected

7.0.7
affected

7.0.8
affected

7.0.8.1
affected

7.1.0
affected

7.1.0.1
affected

7.1.0.2
affected

7.1.0.3
affected

7.2.0
affected

7.2.0.1
affected

7.2.1
affected

7.2.2
affected

7.2.3
affected

7.2.4
affected

7.2.4.1
affected

7.2.5
affected

7.2.5.1
affected

7.2.6
affected

7.2.7
affected

7.2.5.2
affected

7.2.8
affected

7.2.8.1
affected

7.2.9
affected

7.2.10
affected

7.2.10.2
affected

7.3.0
affected

7.3.1
affected

7.3.1.1
affected

7.3.1.2
affected

7.4.0
affected

7.4.1
affected

7.4.1.1
affected

7.4.2
affected

7.4.2.1
affected

7.4.2.2
affected

7.4.2.3
affected

7.4.2.4
affected

7.6.0
affected

7.6.1
affected

7.6.2
affected

7.6.2.1
affected

7.7.0
affected

7.7.10
affected

7.7.10.1
affected

References

sec.cloudapps.cisco.com/...sory/cisco-sa-asaftd-vpn-m9sx6MbC (cisco-sa-asaftd-vpn-m9sx6MbC)

cve.org (CVE-2026-20101)

nvd.nist.gov (CVE-2026-20101)

Download JSON