Loading
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
Use CWE-434, Ivanti vendor hub and Connect Secure product page to widen CVE-2020-8260 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-55145, CVE-2025-55147 and CVE-2025-55142 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: February 27th, 2026.