{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20102", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.370Z", "datePublished": "2026-03-04T17:52:05.344Z", "dateUpdated": "2026-03-04T18:09:27.083Z"}, "containers": {"cna": {"title": "Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP", "name": "cisco-sa-asaftd-saml-LktTrwZP"}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-asaftd-saml-LktTrwZP", "discovery": "INTERNAL", "defects": ["CSCwp29401"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "cwe", "cweId": "CWE-79"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "versions": [{"version": "9.16.1", "status": "affected"}, {"version": "9.16.1.28", "status": "affected"}, {"version": "9.16.2", "status": "affected"}, {"version": "9.16.2.3", "status": "affected"}, {"version": "9.16.2.7", "status": "affected"}, {"version": "9.17.1", "status": "affected"}, {"version": "9.16.2.11", "status": "affected"}, {"version": "9.16.2.13", "status": "affected"}, {"version": "9.16.2.14", "status": "affected"}, {"version": "9.17.1.7", "status": "affected"}, {"version": "9.17.1.9", "status": "affected"}, {"version": "9.17.1.10", "status": "affected"}, {"version": "9.17.1.11", "status": "affected"}, {"version": "9.17.1.13", "status": "affected"}, {"version": "9.17.1.15", "status": "affected"}, {"version": "9.17.1.20", "status": "affected"}, {"version": "9.17.1.30", "status": "affected"}, {"version": "9.17.1.33", "status": "affected"}, {"version": "9.17.1.39", "status": "affected"}, {"version": "9.17.1.45", "status": "affected"}, {"version": "9.17.1.46", "status": "affected"}, {"version": "9.23.1.13", "status": "affected"}, {"version": "9.20.4.7", "status": "affected"}, {"version": "9.22.2.13", "status": "affected"}, {"version": "9.18.4.66", "status": "affected"}, {"version": "9.20.4.10", "status": "affected"}, {"version": "9.23.1.19", "status": "affected"}, {"version": "9.18.4.67", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Secure Firewall Threat Defense (FTD) Software", "versions": [{"version": "7.0.0", "status": "affected"}, {"version": "7.0.0.1", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "7.1.0", "status": "affected"}, {"version": "7.0.1.1", "status": "affected"}, {"version": "7.1.0.1", "status": "affected"}, {"version": "7.1.0.2", "status": "affected"}, {"version": "7.1.0.3", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-04T17:52:05.344Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T18:09:12.628315Z", "id": "CVE-2026-20102", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T18:09:27.083Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20102", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T18:09:12.628315Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T18:09:21.938Z"}}], "cna": {"title": "Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability", "source": {"defects": ["CSCwp29401"], "advisory": "cisco-sa-asaftd-saml-LktTrwZP", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "versions": [{"status": "affected", "version": "9.16.1"}, {"status": "affected", "version": "9.16.1.28"}, {"status": "affected", "version": "9.16.2"}, {"status": "affected", "version": "9.16.2.3"}, {"status": "affected", "version": "9.16.2.7"}, {"status": "affected", "version": "9.17.1"}, {"status": "affected", "version": "9.16.2.11"}, {"status": "affected", "version": "9.16.2.13"}, {"status": "affected", "version": "9.16.2.14"}, {"status": "affected", "version": "9.17.1.7"}, {"status": "affected", "version": "9.17.1.9"}, {"status": "affected", "version": "9.17.1.10"}, {"status": "affected", "version": "9.17.1.11"}, {"status": "affected", "version": "9.17.1.13"}, {"status": "affected", "version": "9.17.1.15"}, {"status": "affected", "version": "9.17.1.20"}, {"status": "affected", "version": "9.17.1.30"}, {"status": "affected", "version": "9.17.1.33"}, {"status": "affected", "version": "9.17.1.39"}, {"status": "affected", "version": "9.17.1.45"}, {"status": "affected", "version": "9.17.1.46"}, {"status": "affected", "version": "9.23.1.13"}, {"status": "affected", "version": "9.20.4.7"}, {"status": "affected", "version": "9.22.2.13"}, {"status": "affected", "version": "9.18.4.66"}, {"status": "affected", "version": "9.20.4.10"}, {"status": "affected", "version": "9.23.1.19"}, {"status": "affected", "version": "9.18.4.67"}], "defaultStatus": "unknown"}, {"vendor": "Cisco", "product": "Cisco Secure Firewall Threat Defense (FTD) Software", "versions": [{"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "7.0.0.1"}, {"status": "affected", "version": "7.0.1"}, {"status": "affected", "version": "7.1.0"}, {"status": "affected", "version": "7.0.1.1"}, {"status": "affected", "version": "7.1.0.1"}, {"status": "affected", "version": "7.1.0.2"}, {"status": "affected", "version": "7.1.0.3"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP", "name": "cisco-sa-asaftd-saml-LktTrwZP"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-04T17:52:05.344Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20102", "state": "PUBLISHED", "dateUpdated": "2026-03-04T18:09:27.083Z", "dateReserved": "2025-10-08T11:59:15.370Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-03-04T17:52:05.344Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "607EC994-8748-4BD6-9FBA-9C629EEFE20E", "versionEndExcluding": "9.16.4.89", "versionStartIncluding": "9.16.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8F5D95D-6E80-42D2-BF57-8B3B600D6B40", "versionEndExcluding": "9.18.4.71", "versionStartIncluding": "9.17.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBAD7362-E8E2-4618-89CA-50E9B0102651", "versionEndExcluding": "9.20.4.19", "versionStartIncluding": "9.20.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "279FE4E6-C208-48E2-9B07-DCB121C59A08", "versionEndExcluding": "9.22.2.32", "versionStartIncluding": "9.22.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "67082150-477F-4B2E-B880-069D05875DC3", "versionEndExcluding": "9.23.1.26", "versionStartIncluding": "9.23.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "14522326-0EF6-455A-8C84-C84E8C6B3F29", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DA98A98-A084-4DB0-B08F-33EB6C8607C0", "versionEndExcluding": "7.2.11", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "0943CCEB-1EA4-489B-9E62-631046B1A4AA", "versionEndExcluding": "7.4.3", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "B728650B-131B-43FD-A7F2-DAE8DAF781C6", "versionEndExcluding": "10.0.0", "versionStartIncluding": "7.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n de inicio de sesi\u00f3n \u00fanico (SSO) SAML 2.0 de Cisco Secure Firewall ASA Software y Cisco Secure Firewall Threat Defense (FTD) Software podr\u00eda permitir a un atacante remoto no autenticado realizar un ataque de cross-site scripting (XSS) contra la funci\u00f3n SAML y acceder a informaci\u00f3n sensible basada en el navegador.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de m\u00faltiples par\u00e1metros HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad persuadiendo a un usuario para que acceda a un enlace malicioso. Un exploit exitoso podr\u00eda permitir al atacante realizar un ataque XSS reflejado a trav\u00e9s de un dispositivo afectado."}], "id": "CVE-2026-20102", "lastModified": "2026-04-16T20:28:09.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-03-04T18:16:25.620", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.16.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.16.1.28"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.16.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.16.2.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.16.2.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "9.17.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.16.2.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.16.2.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.16.2.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.30"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.33"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.39"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.45"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.17.1.46"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.23.1.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.4.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.22.2.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.66"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.20.4.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.23.1.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "9.18.4.67"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software", "source": "cna", "vendor": "Cisco"}, "product": "adaptive_security_appliance_software", "vendor": "cisco"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.0.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.0.1.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.1.0.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.1.0.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.1.0.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Cisco Secure Firewall Threat Defense (FTD) Software", "source": "cna", "vendor": "Cisco"}, "product": "secure_firewall_threat_defense", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-04-16T13:16:20.822900+00:00", "value": {"mitigation_remediation": ["Apply the latest Cisco firmware patch that sanitizes SAML HTTP parameters.", "Temporarily disable the SAML SSO feature or restrict it to trusted networks until patches are applied.", "Perform a comprehensive scan for injected scripts in the current configuration and monitor logs for anomalous SAML requests."], "summary": {"action": "Apply Patch", "impact": "Reflected Cross\u2011Site Scripting via the SAML SSO feature"}, "threat_synthesis": {"affected_systems": "Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software are affected. The vulnerability applies to all versions that include the unpatched SAML component, as no specific version string is provided.", "description_and_impact": "The flaw arises from inadequate validation of HTTP parameters within the SAML\u00a02.0 SSO functionality of Cisco Secure Firewall Adaptive Security Appliance and Threat Defense software. An attacker can craft a malicious URL that reflects unsanitized user input back to the victim\u2019s browser, enabling a reflected cross\u2011site scripting attack. This could compromise confidential data stored or displayed in the browser context and potentially lead to unauthorized actions performed on behalf of the user.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate impact, while the EPSS score of less than 1% suggests a low probability of exploitation in the current environment. The vulnerability is not listed in the KEV catalog, but it can be exploited remotely by an unauthenticated attacker who convinces a user to click a crafted link. Successful exploitation would allow the attacker to inject and execute arbitrary scripts in the victim\u2019s browser session, potentially exfiltrating sensitive data or POSTing malicious requests from the user\u2019s authenticated session."}}}}, "created": "2026-03-05T09:06:08.761959+00:00", "updated": "2026-04-16T13:30:16.019695+00:00", "vendors": ["cisco", "cisco$PRODUCT$adaptive_security_appliance_software", "cisco$PRODUCT$secure_firewall_threat_defense"]}