Cisco Patches Long-Standing Vulnerabilities in ClamAV Antivirus Engine

Cisco Patches Long-Standing Vulnerabilities in ClamAV Antivirus Engine

First seen 6 Jul 2026, 13:56 UTC Feeds2.FeedburnerFeeds.4Sysops 89% similarity 57.8

Article Content

Browse articles
ThreatCluster

Cisco's Talos group released security patches for ClamAV, an open-source antivirus engine, addressing seven vulnerabilities in versions 1.5.3 and 1.4.5. These flaws, some dating back nearly two decades, primarily affect the code responsible for unpacking and parsing executable formats. Organizations using ClamAV in mail gateways, file upload checks, and endpoint security tools are impacted. The vulnerabilities highlight risks associated with legacy parsing logic. The patches include fixes for critical issues that could potentially be exploited if left unaddressed. Security professionals are advised to update their systems promptly to mitigate risks. The vulnerabilities were confirmed by Cisco's Talos team and are now patched.

Key Points: • Cisco patched seven vulnerabilities in ClamAV, versions 1.5.3 and 1.4.5. • Some vulnerabilities have existed for nearly two decades, posing long-term risks. • Organizations using ClamAV in various security tools are advised to apply the updates immediately.

ThreatCluster AI

Timeline

2026-07-05
Cisco releases security patches for ClamAV
Cisco's Talos group announced patches for seven vulnerabilities in ClamAV, affecting versions 1.5.3 and 1.4.5.
Feeds2.Feedburner
2026-07-06
Patches address decades-old vulnerabilities
The released patches fix critical vulnerabilities that have persisted in the ClamAV codebase for nearly 20 years.
Feeds.4Sysops

Community

Browse all →