CVE-2026-20079
Authentication Bypass and Remote Code Execution in Cisco FMC
Publication date: 2026-03-04
Last updated on: 2026-03-04
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | secure_firewall_management_center_software | * |
| cisco | secure_firewall_management_center | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20079 is a critical authentication bypass vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software.
It allows an unauthenticated, remote attacker to bypass authentication and execute script files on the affected device, gaining root access to the underlying operating system.
The root cause is an improper system process created at boot time, which can be exploited by sending crafted HTTP requests to the device.
A successful exploit enables the attacker to execute various scripts and commands with root privileges.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an unauthenticated attacker to gain root access to the device remotely.
- Complete compromise of confidentiality, integrity, and availability of the affected device.
- Execution of arbitrary scripts and commands with root privileges.
- Potential full control over the underlying operating system of the device.
Because the attack requires no privileges or user interaction and has low complexity, it poses a high risk to affected systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects all Cisco Secure Firewall Management Center (FMC) Software versions regardless of device configuration. Cisco provides a Software Checker tool to identify affected versions and earliest fixed releases.
There are no specific commands provided to detect exploitation attempts or presence of the vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds or mitigations available for this vulnerability.
Cisco strongly recommends upgrading to fixed software releases to fully remediate the vulnerability.
Customers should obtain fixed software through Cisco or authorized partners and ensure device compatibility before upgrading.
Cisco Technical Assistance Center (TAC) support is available for upgrade assistance.