CVE-2026-20216
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This is due to improper handling of temporary resources during file scanning.
Risk Assessment
An attacker can terminate the ClamAV scanning process and temporarily exhaust system resources, leading to unavailability of the antivirus software and potentially the entire system.
Recommendation
Immediately update ClamAV to a version containing the fix for CVE-2026-20216 and consider temporarily restricting scanning of InstallShield files until the update is applied.
Original NVD description (English source)
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.

