CVE-2026-20018
Received Received - Intake
Arbitrary File Write in Cisco FMC/FTD via Path Validation Flaw

Publication date: 2026-03-04

Last updated on: 2026-03-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system. This vulnerability is due to insufficient validation of the directory path during file synchronization. An attacker could exploit this vulnerability by crafting a directory path outside of the expected file location. A successful exploit could allow the attacker to create or replace any file on the underlying operating system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-04
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20018
EUVD
EUVD-2026-9456
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco secure_firewall_management_center *
cisco secure_firewall_threat_defense *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-27 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20018 is a medium-severity path traversal vulnerability affecting the sftunnel functionality in Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software.

It allows an authenticated remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system due to insufficient validation of directory paths during file synchronization.

An attacker can exploit this by crafting directory paths outside the expected file locations, enabling them to create or replace any file on the system.

Impact Analysis

A successful exploit of this vulnerability could allow an attacker to create or replace any file on the underlying operating system with root privileges.

This can lead to significant impacts on system integrity and availability, potentially allowing the attacker to disrupt system operations or compromise system functionality.

Compliance Impact

I don't know

Detection Guidance

There are no specific detection commands or network indicators provided for this vulnerability. Detection involves identifying whether your Cisco Secure Firewall Management Center (FMC) or Secure Firewall Threat Defense (FTD) Software is running a vulnerable release.

Customers can use the Cisco Software Checker tool to identify affected releases and the earliest fixed versions.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'There are no workarounds or temporary mitigations available for this vulnerability.'}, {'type': 'paragraph', 'content': 'The only effective mitigation is to upgrade to the fixed software versions released by Cisco for Secure Firewall Management Center (FMC) and Secure Firewall Threat Defense (FTD) Software.'}, {'type': 'paragraph', 'content': "Before upgrading, ensure hardware and software compatibility and consult Cisco's detailed upgrade guides and compatibility documents."}, {'type': 'paragraph', 'content': 'If needed, contact Cisco TAC for support during the remediation process.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20018. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart