How to Fix CVE-2026-20101: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software (Bundle Sibling)
By Sai Kiran Pandrala. Last verified: 2026-05-25.
CVE-2026-20101 is a sibling vulnerability in the same vendor advisory as CVE-2026-20100. Apply the same patched build and you close both. The technical detail below is what differs.
⚡ At a glance
| Severity | 8.6 (High) |
|---|---|
| Actively exploited? | No public listing in CISA KEV |
| Affected | Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.2.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.2.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.2.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.3.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.3.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.3.12; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.3.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.2.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.13; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.18; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.26; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.29; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.30; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.35; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.37; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.38; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.39; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.40; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.41; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.47; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.48; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.50; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.52; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.54; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.55; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.56; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.58; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.62; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.65; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.4.67; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.1.28; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.2.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.2.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.2.11; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.2.13; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.2.14; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.3.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.3.14; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.3.15; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.3.19; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.3.23; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.14; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.19; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.27; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.38; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.39; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.42; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.48; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.55; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.57; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.61; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.62; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.67; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.70; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.71; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.76; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.82; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.16.4.84; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.11; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.13; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.15; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.20; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.30; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.33; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.39; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.45; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.17.1.46; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.2.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.39; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.46; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.53; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.55; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.3.56; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.8; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.29; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.34; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.40; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.47; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.50; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.52; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.53; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.18.4.57; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.12; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.18; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.24; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.27; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.28; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.31; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.37; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.38; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.19.1.42; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.1.5; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.21; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.2.22; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.4; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.7; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.9; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.10; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.13; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.16; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.20.3.20; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.3; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.1.6; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.22.2; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1; Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.23.1.3; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.3; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.2; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.4; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.5; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.6; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.7; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.8; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.9; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.10; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.11; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.12; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.13; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.14; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.15; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.16; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.17; Cisco Secure Firewall Threat Defense (FTD) Software 6.4.0.18; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.5; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.6; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.6.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.6.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.6.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.7; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.8; Cisco Secure Firewall Threat Defense (FTD) Software 7.0.8.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.1.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.1.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.1.0.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.1.0.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.0.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.6; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.7; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.5.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.8; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.8.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.9; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.10; Cisco Secure Firewall Threat Defense (FTD) Software 7.2.10.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.3.1.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.1.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.3; Cisco Secure Firewall Threat Defense (FTD) Software 7.4.2.4; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2; Cisco Secure Firewall Threat Defense (FTD) Software 7.6.2.1; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.0; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.10; Cisco Secure Firewall Threat Defense (FTD) Software 7.7.10.1 |
| Fixed in | Same patched build as CVE-2026-20100 |
| Type (CWE) | CWE-330: Use of Insufficiently Random Values |
What's different about CVE-2026-20101?
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability is due to insufficient error checking when processing SAML messages. An attacker could exploit this vulnerability by sending crafted SAML messages to the SAML service. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
How to fix CVE-2026-20101
Apply the patched build per the primary write-up: How to Fix CVE-2026-20100. All commands, verification steps, and rollback notes for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software are listed there.
Frequently asked questions
Does the CVE-2026-20100 patch close CVE-2026-20101?
Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.
Is CVE-2026-20101 listed in CISA KEV?
No public KEV listing at the time of this writing.
Where is the official advisory?
See https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC
References
- Official vendor advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-m9sx6MbC
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20101
- CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Primary: How to Fix CVE-2026-20100
*Written by Sai Kiran Pandrala. Part of the Cisco Secure Firewall Adaptive Security Appliance (ASA) Software bundle. Full procedure at how-to-fix-cve-2026-20100.*