Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability

A vulnerability exists within Cisco Secure Web Appliance's Dynamic Vectoring and Streaming (DVS) Engine. This flaw allows attackers to bypass the anti-malware scanner. The vulnerability stems from the improper handling of specific archive files within the software. An unauthenticated attacker can exploit this remotely by sending a crafted malicious archive. This allows the attacker to download malware onto a user's workstation. The malware won't execute until the user extracts and launches the downloaded file. Cisco has released software updates to patch this specific security issue. No workarounds are available to mitigate the vulnerability effectively. The advisory with additional information is available on the Cisco security website. The security impact is classified as Medium severity. The Common Vulnerabilities and Exposures (CVE) identifier assigned is CVE-2026-20056.