Medium5.3Cisco Updated
Cisco Secure Web Appliance Authentication Bypass Vulnerability
cisco-sa-wsa-auth-bypass-6YZkTQhd Published Apr 16, 2026Updated by vendor Apr 16, 2026
CVE-2026-20152
Affected products & platforms
CiscoUnclassified
Summary
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco Secure Web Appliance, both virtual and hardware versions.
- Earlier than 15.2 — Migrate to a fixed release
- Release 15.2 (first fixed: 15.2.5-013)
- 15.5 — Migrate to a fixed release
- Release 16.0 (first fixed: Not affected)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 15.2.5-013
- Not affected
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 15.2: migrate to a fixed release.
- Release 15.2: upgrade to 15.2.5-013.
- Release 15.5: migrate to a fixed release.
- Release 16.0: upgrade to Not affected.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.