CVE-2026-20018
Arbitrary File Write in Cisco FMC/FTD via Path Validation Flaw
Publication date: 2026-03-04
Last updated on: 2026-03-04
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_management_center | * |
| cisco | secure_firewall_threat_defense | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-27 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20018 is a medium-severity path traversal vulnerability affecting the sftunnel functionality in Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software.
It allows an authenticated remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system due to insufficient validation of directory paths during file synchronization.
An attacker can exploit this by crafting directory paths outside the expected file locations, enabling them to create or replace any file on the system.
How can this vulnerability impact me? :
A successful exploit of this vulnerability could allow an attacker to create or replace any file on the underlying operating system with root privileges.
This can lead to significant impacts on system integrity and availability, potentially allowing the attacker to disrupt system operations or compromise system functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection involves identifying whether your Cisco Secure Firewall Management Center (FMC) or Secure Firewall Threat Defense (FTD) Software is running a vulnerable release.
Customers can use the Cisco Software Checker tool to identify affected releases and the earliest fixed versions.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'There are no workarounds or temporary mitigations available for this vulnerability.'}, {'type': 'paragraph', 'content': 'The only effective mitigation is to upgrade to the fixed software versions released by Cisco for Secure Firewall Management Center (FMC) and Secure Firewall Threat Defense (FTD) Software.'}, {'type': 'paragraph', 'content': "Before upgrading, ensure hardware and software compatibility and consult Cisco's detailed upgrade guides and compatibility documents."}, {'type': 'paragraph', 'content': 'If needed, contact Cisco TAC for support during the remediation process.'}] [1]