{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "cpe": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
            "extracted_events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "1.4.5"
              },
              {
                "introduced": "1.5.0"
              },
              {
                "fixed": "1.5.3"
              }
            ],
            "source": "CPE_RANGE"
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "e8b337754d18b6bc46d565e7b6d82843debb4793"
            },
            {
              "introduced": "83fd7f14fb8098826108be124219400ff08f44f7"
            },
            {
              "fixed": "b970812e9b6427e361c362762d94f7356597efe4"
            }
          ],
          "repo": "https://github.com/cisco-talos/clamav",
          "type": "GIT"
        }
      ]
    }
  ],
  "database_specific": {
    "unresolved_ranges": [
      {
        "cpes": [
          "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
          "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
          "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*"
        ],
        "extracted_events": [
          {
            "fixed": "1.27.2"
          },
          {
            "fixed": "1.29.0"
          },
          {
            "fixed": "8.6.2"
          }
        ],
        "source": "CPE_RANGE",
        "vendor_product": "cisco:secure_endpoint"
      }
    ]
  },
  "details": "A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.",
  "id": "CVE-2026-20216",
  "modified": "2026-07-11T03:54:29.835110211Z",
  "published": "2026-07-01T17:16:29.973Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}