How to Fix CVE-2026-20015: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software (Bundle Sibling)
By Sai Kiran Pandrala. Last verified: 2026-05-25.
CVE-2026-20015 is a sibling vulnerability in the same vendor advisory as CVE-2026-20013. Apply the same patched build and you close both. The technical detail below is what differs.
⚡ At a glance
| Severity | 5.8 (Medium) |
|---|---|
| Actively exploited? | No public listing in CISA KEV |
| Affected | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.39; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.46; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.53; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.55; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.56; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.29; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.34; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.40; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.47; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.50; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.52; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.53; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.57; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.12; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.18; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.27; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.28; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.31; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.37; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.38; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.42; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.1.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.21; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.13; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.16; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.6; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.6; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.7; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.8; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.8.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.9; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.10; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.10.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.0 |
| Fixed in | Same patched build as CVE-2026-20013 |
| Type (CWE) | CWE-401: Missing Release of Memory after Effective Lifetime |
What's different about CVE-2026-20015?
A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device that may impact the availability of services to devices elsewhere in the network.
This vulnerability is due to a memory leak when parsing IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to exhaust resources, causing a DoS condition that will eventually require the device to be manually reloaded.
How to fix CVE-2026-20015
Apply the patched build per the primary write-up: How to Fix CVE-2026-20013. All commands, verification steps, and rollback notes for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software are listed there.
Frequently asked questions
Does the CVE-2026-20013 patch close CVE-2026-20015?
Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.
Is CVE-2026-20015 listed in CISA KEV?
No public KEV listing at the time of this writing.
Where is the official advisory?
See https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG
References
- Official vendor advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-eBueGdEG
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20015
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Primary: How to Fix CVE-2026-20013
*Written by Sai Kiran Pandrala. Part of the Cisco Secure Firewall Adaptive Security Appliance (ASA) Software bundle. Full procedure at how-to-fix-cve-2026-20013.*