{"api_version":"1","generated_at":"2026-04-17T09:16:30+00:00","cve":"CVE-2026-20102","urls":{"html":"https://cve.report/CVE-2026-20102","api":"https://cve.report/api/cve/CVE-2026-20102.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-20102","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-20102"},"summary":{"title":"Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability","description":"A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. 
A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.","state":"PUBLISHED","assigner":"cisco","published_at":"2026-03-04 18:16:25","updated_at":"2026-04-16 20:28:09"},"problem_types":["CWE-79","CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":[{"version":"3.1","source":"psirt@cisco.com","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSSV3_1","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP","refsource":"psirt@cisco.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-20102","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20102","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.1.28","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.2.3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.2.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.2.11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.2.13","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.16.2.14","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure 
Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.13","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.15","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.20","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.30","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.33","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.39","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.45","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.17.1.46","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.23.1.13","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.20.4.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.22.2.13","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 
9.18.4.66","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.20.4.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.23.1.19","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","version":"affected 9.18.4.67","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.0.0","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.0.0.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.0.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.1.0","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.0.1.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.1.0.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.1.0.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Secure Firewall Threat Defense (FTD) Software","version":"affected 7.1.0.3","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[{"source":"CNA","title":"","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this 
advisory.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"20102","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"adaptive_security_appliance_software","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-20102","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-03-04T18:09:12.628315Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-04T18:09:27.083Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Cisco Secure Firewall Adaptive Security Appliance (ASA) Software","vendor":"Cisco","versions":[{"status":"affected","version":"9.16.1"},{"status":"affected","version":"9.16.1.28"},{"status":"affected","version":"9.16.2"},{"status":"affected","version":"9.16.2.3"},{"status":"affected","version":"9.16.2.7"},{"status":"affected","version":"9.17.1"},{"status":"affected","version":"9.16.2.11"},{"status":"affected","version":"9.16.2.13"},{"status":"affected","version":"9.16.2.14"},{"status":"affected","version":"9.17.1.7"},{"status":"affected","version":"9.17.1.9"},{"status":"affected","version":"9.17.1.10"},{"status":"affected","version":"9.17.1.11"},{"status":"affected","version":"9.17.1.13"},{"status":"affected","version":"9.17.1.15"},{"status":"affected","version":"9.17.1.20"},{"status":"affected","version":"9.17.1.30"},{"status":"affected","version":"9.17.1.33"},{"status":"affected","version":"9.17.1.39"},{"status":"affected","version":"9.17.1.45"},{"status":"affected","version":"9.17.1.46"},{"status":"affected","version":"9.23.1.13"},{"status":"affected
","version":"9.20.4.7"},{"status":"affected","version":"9.22.2.13"},{"status":"affected","version":"9.18.4.66"},{"status":"affected","version":"9.20.4.10"},{"status":"affected","version":"9.23.1.19"},{"status":"affected","version":"9.18.4.67"}]},{"defaultStatus":"unknown","product":"Cisco Secure Firewall Threat Defense (FTD) Software","vendor":"Cisco","versions":[{"status":"affected","version":"7.0.0"},{"status":"affected","version":"7.0.0.1"},{"status":"affected","version":"7.0.1"},{"status":"affected","version":"7.1.0"},{"status":"affected","version":"7.0.1.1"},{"status":"affected","version":"7.1.0.1"},{"status":"affected","version":"7.1.0.2"},{"status":"affected","version":"7.1.0.3"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. 
A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device."}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"cvssV3_1"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"cwe"}]}],"providerMetadata":{"dateUpdated":"2026-03-04T17:52:05.344Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"cisco-sa-asaftd-saml-LktTrwZP","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-saml-LktTrwZP"}],"source":{"advisory":"cisco-sa-asaftd-saml-LktTrwZP","defects":["CSCwp29401"],"discovery":"INTERNAL"},"title":"Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability"}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2026-20102","datePublished":"2026-03-04T17:52:05.344Z","dateReserved":"2025-10-08T11:59:15.370Z","dateUpdated":"2026-03-04T18:09:27.083Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-04 18:16:25","lastModifiedDate":"2026-04-16 20:28:09","problem_types":["CWE-79","CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site 
Scripting')"],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.16.1","versionEndExcluding":"9.16.4.89","matchCriteriaId":"607EC994-8748-4BD6-9FBA-9C629EEFE20E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.17.1","versionEndExcluding":"9.18.4.71","matchCriteriaId":"A8F5D95D-6E80-42D2-BF57-8B3B600D6B40"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.1","versionEndExcluding":"9.20.4.19","matchCriteriaId":"EBAD7362-E8E2-4618-89CA-50E9B0102651"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.22.1.1","versionEndExcluding":"9.22.2.32","matchCriteriaId":"279FE4E6-C208-48E2-9B07-DCB121C59A08"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*","versionStartIncluding":"9.23.1","versionEndExcluding":"9.23.1.26","matchCriteriaId":"67082150-477F-4B2E-B880-069D05875DC3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.9","matchCriteriaId":"14522326-0EF6-455A-8C84-C84E8C6B3F29"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:f
irepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0","versionEndExcluding":"7.2.11","matchCriteriaId":"3DA98A98-A084-4DB0-B08F-33EB6C8607C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.3","matchCriteriaId":"0943CCEB-1EA4-489B-9E62-631046B1A4AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense_software:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"10.0.0","matchCriteriaId":"B728650B-131B-43FD-A7F2-DAE8DAF781C6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"20102","Ordinal":"1","Title":"Cisco Secure Firewall Adaptive Security Appliance and Secure Fir","CVE":"CVE-2026-20102","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"20102","Ordinal":"1","NoteData":"A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information.\r\n\r\nThis vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.","Type":"Description","Title":"Cisco Secure Firewall Adaptive Security Appliance and Secure Fir"}]}}}