Multiple ClamAV Vulnerabilities Lead to Denial of Service Risks

Multiple ClamAV Vulnerabilities Lead to Denial of Service Risks

First seen 8 Jul 2026, 17:25 UTC LinuxsecurityUbuntulaunchpad.net 81% similarity 70.5

Article Content

Browse articles
ThreatCluster

On July 1, 2026, several vulnerabilities in ClamAV were disclosed, affecting its handling of various file types, including PE, 7z, and DMG files. These vulnerabilities, identified as CVE-2026-20213, CVE-2026-20214, CVE-2026-20215, CVE-2026-20216, CVE-2026-20217, CVE-2026-20243, and CVE-2026-20244, could allow remote attackers to exploit the software, potentially leading to crashes and denial of service. The vulnerabilities stem from improper boundary checks and resource handling during file scanning. Affected systems include ClamAV versions prior to the latest patches. Security advisories have been issued for both Ubuntu and openSUSE users, urging immediate updates. The situation remains critical as users are advised to apply patches promptly to mitigate risks.

Key Points: • Seven critical vulnerabilities in ClamAV were disclosed on July 1, 2026. • Affected file types include PE, 7z, InstallShield, ALZ, and DMG. • Remote attackers could exploit these vulnerabilities to cause denial of service.

ThreatCluster AI

Timeline

2026-07-01
ClamAV vulnerabilities disclosed
Multiple vulnerabilities affecting ClamAV were published, including CVE-2026-20213 to CVE-2026-20244, leading to potential denial of service.
Ubuntu
2026-07-01
Security advisories issued
Both Ubuntu and openSUSE released advisories urging users to update ClamAV to mitigate the newly discovered vulnerabilities.
Linuxsecurity
2026-07-01
CVE-2026-20244 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-20214 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-20215 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-20217 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-20243 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-20213 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-01
CVE-2026-20216 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-08
Patches recommended
Users are advised to apply patches for ClamAV to protect against the disclosed vulnerabilities as the risk of exploitation remains high.
Ubuntu

Community

Browse all →