Cisco Snort 3 Detection Engine Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Snort 3 Detection Engine used by multiple Cisco products. This vulnerability allows an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, disrupting packet inspection. The issue arises from an error in the binder module initialization logic, which can be exploited by sending specific packets through an established connection that Snort 3 is parsing. When exploited, the Snort 3 Detection Engine unexpectedly restarts, creating a temporary interruption in service.
Impact
Exploitation of this vulnerability causes the Snort 3 Detection Engine to restart unexpectedly, interrupting packet inspection and analysis.
Remediation
Cisco has released software updates that address this vulnerability. For Open Source Snort 3, users should upgrade to version 3.6.3.0 or later. Cisco Secure Firewall Threat Defense (FTD) Software is affected only when Snort 3 is active; users can check their release using the Cisco Software Checker tool. Cisco Meraki MX Security Appliances have been automatically updated with the Snort 3 package as of February 5, 2026. For Cisco IOS XE Software, users should upgrade to version 17.12.7, 17.15.5, or 17.18.3, depending on their current release.
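The following is an added example, not part of the original advisory or any Cisco tooling: a small inventory check that compares collected version strings against the fixed releases listed above for Open Source Snort 3 and IOS XE. The host names, product labels and inventory entries are constructed, and the mapping of each IOS XE train to the fixed release with the same major.minor number is an assumption. FTD and Meraki MX are left out because the page gives no version thresholds for them.

```python
import re

# Fixed releases exactly as listed in the remediation text above.
SNORT3_FIXED = (3, 6, 3, 0)
# Assumption: each IOS XE train maps to the fixed release sharing its major.minor.
IOS_XE_FIXED = {(17, 12): (17, 12, 7), (17, 15): (17, 15, 5), (17, 18): (17, 18, 3)}

def parse_version(text):
    """Return the first dotted numeric version in text as a tuple of ints, or None."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(p) for p in m.group().split(".")) if m else None

def at_least(version, fixed):
    """Compare after zero-padding, so 3.6.3 is treated as 3.6.3.0."""
    padded = version + (0,) * (len(fixed) - len(version))
    return padded >= fixed

def assess(product, version_text):
    """Classify one entry as 'fixed', 'upgrade' or 'review' (needs a human look)."""
    v = parse_version(version_text)
    if v is None:
        return "review"
    if product == "snort3":
        # The page covers only the Snort 3 line; other major versions need review.
        if v[0] != 3:
            return "review"
        return "fixed" if at_least(v, SNORT3_FIXED) else "upgrade"
    if product == "ios-xe":
        # Suffix letters such as the "a" in 17.12.4a are ignored by parse_version.
        fixed = IOS_XE_FIXED.get(v[:2])
        if fixed is None:
            return "review"  # the page names no fixed release for this train
        return "fixed" if at_least(v, fixed) else "upgrade"
    return "review"

# Constructed sample inventory: (host, product label, version string as collected).
INVENTORY = [
    ("sensor-a", "snort3", "Version 3.5.2.0"),
    ("sensor-b", "snort3", "Version 3.6.3.0"),
    ("edge-rtr-1", "ios-xe", "17.12.4a"),
    ("edge-rtr-2", "ios-xe", "17.15.5"),
    ("edge-rtr-3", "ios-xe", "17.14.1"),
]

def audit(inventory):
    """Map each host to its status."""
    return {host: assess(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Entries marked `review` are on a release train or product line for which this page lists no fixed version and should be checked against the vendor advisory directly.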
