CVE-2026-20079
Received Received - Intake
Authentication Bypass and Remote Code Execution in Cisco FMC

Publication date: 2026-03-04

Last updated on: 2026-03-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-04
Generated
2026-06-17
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20079
EUVD
EUVD-2026-9438
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco secure_firewall_management_center_software *
cisco secure_firewall_management_center *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20079 is a critical authentication bypass vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software.

It allows an unauthenticated, remote attacker to bypass authentication and execute script files on the affected device, gaining root access to the underlying operating system.

The root cause is an improper system process created at boot time, which can be exploited by sending crafted HTTP requests to the device.

A successful exploit enables the attacker to execute various scripts and commands with root privileges.

Impact Analysis

This vulnerability can have severe impacts as it allows an unauthenticated attacker to gain root access to the device remotely.

  • Complete compromise of confidentiality, integrity, and availability of the affected device.
  • Execution of arbitrary scripts and commands with root privileges.
  • Potential full control over the underlying operating system of the device.

Because the attack requires no privileges or user interaction and has low complexity, it poses a high risk to affected systems.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects all Cisco Secure Firewall Management Center (FMC) Software versions regardless of device configuration. Cisco provides a Software Checker tool to identify affected versions and earliest fixed releases.

There are no specific commands provided to detect exploitation attempts or presence of the vulnerability on your network or system.

Mitigation Strategies

There are no workarounds or mitigations available for this vulnerability.

Cisco strongly recommends upgrading to fixed software releases to fully remediate the vulnerability.

Customers should obtain fixed software through Cisco or authorized partners and ensure device compatibility before upgrading.

Cisco Technical Assistance Center (TAC) support is available for upgrade assistance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20079. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart