CVE-2026-20003
Received Received - Intake
SQL Injection in Cisco Secure FMC REST API Allows Data Access

Publication date: 2026-03-04

Last updated on: 2026-03-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain read access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials with any of the following roles: Administrator Security approver Intrusion admin Access admin Network admin
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-04
Generated
2026-05-06
AI Q&A
2026-03-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20003
EUVD
EUVD-2026-9426
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco secure_fmc_software *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the REST API of Cisco Secure FMC Software and allows an authenticated remote attacker to perform SQL injection attacks.

It occurs because the software does not properly validate user-supplied input.

An attacker with valid user credentials in certain roles can send specially crafted requests to exploit this flaw.

Successful exploitation could let the attacker read the database contents and access certain files on the underlying operating system.

  • Valid roles required include Administrator, Security approver, Intrusion admin, Access admin, or Network admin.

How can this vulnerability impact me? :

If exploited, this vulnerability could allow an attacker to gain unauthorized read access to sensitive database information.

The attacker could also read certain files on the underlying operating system, potentially exposing confidential data.

This could lead to information disclosure and compromise of system confidentiality.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that only trusted users with valid credentials and appropriate roles (Administrator, Security approver, Intrusion admin, Access admin, Network admin) have access to the Cisco Secure FMC Software REST API.

Additionally, monitor and restrict access to the REST API to reduce the risk of exploitation by authenticated attackers.

Applying any available patches or updates from Cisco for the Secure FMC Software is also recommended once they are released.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart