ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability

🗓️ 04 Mar 2026 16:00:00Reported by CiscoType

cisco

cisco🔗 tools.cisco.com👁 6 Views

Unauthenticated attacker can cause denial of service in ClamAV HTML CSS parsing due to UTF-8 error handling.

Reporter	Title	Published	Views	Family All 48
ATTACKERKB	CVE-2026-20031	4 Mar 202617:17	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : clamav1.4, clamav1.4-data, clamav1.4-devel (ALAS2023-2026-1630)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1631)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : clamav1.4, --advisory ALAS2-2026-3276 (ALAS-2026-3276)	30 Apr 202600:00	–	nessus
Tenable Nessus	Cisco Secure Endpoint ClamAV CSS Parsing DoS (cisco-sa-clamav-css-Fn4QSZ)	13 Mar 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : clamav (openSUSE-SU-2026:20479-1)	22 Apr 202600:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : clamav (SUSE-SU-2026:1324-1)	15 Apr 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2026:1325-1)	15 Apr 202600:00	–	nessus
Tenable Nessus	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ClamAV vulnerability (USN-8207-1)	28 Apr 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-20031	17 Apr 202600:00	–	nessus

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ

04 Mar 2026 16:00Current

6Medium risk

Vulners AI Score6

EPSS0.00042

ClamAV vulnerability HTML CSS parsing UTF-8 error handling denial of service remote attacker