Dear customer, dear partner,
We wanted to inform you about two critical security vulnerabilities in Cisco products both with a maximum severity score of 10.0.
CVE-2026-20079 [1, 3]: A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system.
CVE-2026-20131 [2, 4]: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
At this time, no exploitation attempts have been observed by the vendor. [1, 2]
Impacted systems:
- Cisco Secure Firewall Management Center
Recommendations:
- Upgrade the affected systems to a fixed software release as soon as possible.
- It is best practice not to expose management interfaces to the internet. If your FMC interface is reachable from the internet, review the logs for suspicious activity.
References:
[1] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
[2] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
[3] https://www.cve.org/CVERecord?id=CVE-2026-20079
[4] https://www.cve.org/CVERecord?id=CVE-2026-20131
SEWAN Technical Team
