● Medium · CVSS 5.8

How to Fix CVE-2026-20066: Cisco Secure Firewall Threat Defense (FTD) Software (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-20066 is a sibling vulnerability in the same vendor advisory as CVE-2026-20005. Apply the same patched build and you close both. The technical detail below is what differs.

⚡ At a glance


Severity	5.8 (Medium)
Actively exploited?	No public listing in CISA KEV
Affected	Cisco Secure Firewall Threat Defense (FTD) Software 7.4.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.10; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.10.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.3; Cisco UTD SNORT IPS Engine Software 17.3.1a; Cisco UTD SNORT IPS Engine Software 17.2.1r; Cisco UTD SNORT IPS Engine Software 17.3.2; Cisco UTD SNORT IPS Engine Software 17.4.1a; Cisco UTD SNORT IPS Engine Software 17.5.1; Cisco UTD SNORT IPS Engine Software 17.3.3; Cisco UTD SNORT IPS Engine Software 17.5.1a; Cisco UTD SNORT IPS Engine Software 17.3.4; Cisco UTD SNORT IPS Engine Software 17.3.4a; Cisco UTD SNORT IPS Engine Software 17.4.2; Cisco UTD SNORT IPS Engine Software 17.4.1b; Cisco UTD SNORT IPS Engine Software 17.6.1a; Cisco UTD SNORT IPS Engine Software 17.7.1a; Cisco UTD SNORT IPS Engine Software 17.6.2; Cisco UTD SNORT IPS Engine Software 17.8.1a; Cisco UTD SNORT IPS Engine Software 17.3.5; Cisco UTD SNORT IPS Engine Software 17.6.3; Cisco UTD SNORT IPS Engine Software 17.6.3a; Cisco UTD SNORT IPS Engine Software 17.7.2; Cisco UTD SNORT IPS Engine Software 17.9.1a; Cisco UTD SNORT IPS Engine Software 17.6.4; Cisco UTD SNORT IPS Engine Software 17.10.1a; Cisco UTD SNORT IPS Engine Software 17.3.6; Cisco UTD SNORT IPS Engine Software 17.3.7; Cisco UTD SNORT IPS Engine Software 17.9.2a; Cisco UTD SNORT IPS Engine Software 17.6.5; Cisco UTD SNORT IPS Engine Software 17.11.1a; Cisco UTD SNORT IPS Engine Software 17.9.3a; Cisco UTD SNORT IPS Engine Software 17.12.1a; Cisco UTD SNORT IPS Engine Software 17.9.4; Cisco UTD SNORT IPS Engine Software 17.6.6; Cisco UTD SNORT IPS Engine Software 17.3.8; Cisco UTD SNORT IPS Engine Software 17.3.8a; Cisco UTD SNORT IPS Engine Software 17.6.6a; Cisco UTD SNORT IPS Engine Software 17.9.4a; Cisco UTD SNORT IPS Engine Software 17.12.2; Cisco UTD SNORT IPS Engine Software 17.13.1a; Cisco UTD SNORT IPS Engine Software 17.9.5a; Cisco UTD SNORT IPS Engine Software 17.12.3; Cisco UTD SNORT IPS Engine Software 17.6.7; Cisco UTD SNORT IPS Engine Software 17.14.1a; Cisco UTD SNORT IPS Engine Software 17.12.4; Cisco UTD SNORT IPS Engine Software 17.12.3a; Cisco UTD SNORT IPS Engine Software 17.15.1a; Cisco UTD SNORT IPS Engine Software 17.6.8; Cisco UTD SNORT IPS Engine Software 17.9.6; Cisco UTD SNORT IPS Engine Software 17.6.8a; Cisco UTD SNORT IPS Engine Software 17.16.1a; Cisco UTD SNORT IPS Engine Software 17.9.5e; Cisco UTD SNORT IPS Engine Software 17.12.4a; Cisco UTD SNORT IPS Engine Software 17.15.2c; Cisco UTD SNORT IPS Engine Software 17.9.5f; Cisco UTD SNORT IPS Engine Software 17.12.4b; Cisco UTD SNORT IPS Engine Software 17.15.2a; Cisco UTD SNORT IPS Engine Software 17.12.5; Cisco UTD SNORT IPS Engine Software 17.17.1; Cisco UTD SNORT IPS Engine Software 17.12.5a; Cisco UTD SNORT IPS Engine Software 17.9.7a; Cisco UTD SNORT IPS Engine Software 17.15.3a; Cisco UTD SNORT IPS Engine Software 17.15.3; Cisco UTD SNORT IPS Engine Software 17.12.5b; Cisco UTD SNORT IPS Engine Software 17.12.5c; Cisco UTD SNORT IPS Engine Software 17.15.4; Cisco UTD SNORT IPS Engine Software 17.9.7b; Cisco UTD SNORT IPS Engine Software 17.18.1; Cisco UTD SNORT IPS Engine Software 17.18.1a; Cisco UTD SNORT IPS Engine Software 17.12.6; Cisco UTD SNORT IPS Engine Software 17.9.8; Cisco UTD SNORT IPS Engine Software 17.15.4c; Cisco UTD SNORT IPS Engine Software 17.12.5d; Cisco UTD SNORT IPS Engine Software 17.18.2
Fixed in	Same patched build as CVE-2026-20005
Type (CWE)	CWE-400: Uncontrolled Resource Consumption

What's different about CVE-2026-20066?

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.

This vulnerability is due to an error in the JSTokenizer normalization logic when the HTTP inspection normalizes JavaScript. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine restarts unexpectedly. JSTokenizer is not enabled by default.

How to fix CVE-2026-20066

Apply the patched build per the primary write-up: How to Fix CVE-2026-20005. All commands, verification steps, and rollback notes for Cisco Secure Firewall Threat Defense (FTD) Software are listed there.

Frequently asked questions

Does the CVE-2026-20005 patch close CVE-2026-20066?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-20066 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-multi-dos-XFWkWSwz

References

Official vendor advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-multi-dos-XFWkWSwz
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20066
CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Primary: How to Fix CVE-2026-20005

*Written by Sai Kiran Pandrala. Part of the Cisco Secure Firewall Threat Defense (FTD) Software bundle. Full procedure at how-to-fix-cve-2026-20005.*