How to Fix CVE-2026-20014: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software (Bundle Sibling)
By Sai Kiran Pandrala. Last verified: 2026-05-25.
CVE-2026-20014 is a sibling vulnerability in the same vendor advisory as CVE-2026-20013. Apply the same patched build and you close both. The technical detail below is what differs.
⚡ At a glance
| Severity | 7.7 (High) |
|---|---|
| Actively exploited? | No public listing in CISA KEV |
| Affected | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.39; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.46; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.53; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.55; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.56; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.29; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.34; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.40; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.47; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.50; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.52; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.53; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.57; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.66; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.67; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.68; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.12; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.18; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.27; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.28; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.31; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.37; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.38; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.42; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.1.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.21; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.13; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.16; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.20; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.4.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.6; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.2.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.2.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1.13; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.6; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.7; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.8; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.8.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.9; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.10; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.10.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.10; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.10.1 |
| Fixed in | Same patched build as CVE-2026-20013 |
| Type (CWE) | CWE-401: Missing Release of Memory after Effective Lifetime |
What's different about CVE-2026-20014?
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS condition on an affected device that may also impact the availability of services to devices elsewhere in the network.
This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted, authenticated IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust memory, causing the device to reload.
How to fix CVE-2026-20014
Apply the patched build per the primary write-up: How to Fix CVE-2026-20013. All commands, verification steps, and rollback notes for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software are listed there.
Frequently asked questions
Does the CVE-2026-20013 patch close CVE-2026-20014?
Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.
Is CVE-2026-20014 listed in CISA KEV?
No public KEV listing at the time of this writing.
Where is the official advisory?
See https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG
References
- Official vendor advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20014
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Primary: How to Fix CVE-2026-20013
*Written by Sai Kiran Pandrala. Part of the Cisco Secure Firewall Adaptive Security Appliance (ASA) Software bundle. Full procedure at how-to-fix-cve-2026-20013.*