CVE-2026-20001
Received Received - Intake
SQL Injection in Cisco Secure FMC REST API Allows Data Access

Publication date: 2026-03-04

Last updated on: 2026-03-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain read access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials with any of the following roles: Administrator Security approver Access admin Network admin
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-04
Generated
2026-05-07
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20001
EUVD
EUVD-2026-9424
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco secure_firewall_management_center *
cisco secure_fmc_software *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-20001 is a SQL injection vulnerability in the REST API of Cisco Secure Firewall Management Center (FMC) Software. It occurs because the software does not properly validate user-supplied input. An authenticated remote attacker with valid credentials in certain roles can send specially crafted requests to exploit this flaw.

Successful exploitation allows the attacker to gain read access to the database and read certain files on the underlying operating system.


How can this vulnerability impact me? :

This vulnerability can impact you by allowing an attacker with valid credentials to read sensitive data from the database and access certain files on the underlying operating system. This could lead to unauthorized disclosure of information.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should apply the software updates released by Cisco for the Secure Firewall Management Center (FMC) Software.

No workarounds are available, so timely patching is the only effective mitigation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart