Cisco has disclosed two high-severity vulnerabilities, CVE-2026-20079 and CVE-2026-20131, in the web-based interface of its Secure Firewall Management Center (FMC) Software, which could allow unauthenticated, remote attackers to gain the highest level of access to the underlying operating system. These vulnerabilities affect all configurations of the FMC Software, making them a significant concern for users. The vulnerabilities are considered max-severity, indicating a high level of risk. Cisco's disclosure of these vulnerabilities comes after warning of active exploitation of other vulnerabilities, highlighting the importance of prompt patching. The exploitation status of CVE-2026-20079 is currently being discussed, which will determine whether immediate patching or monitoring is required1. This matters to security practitioners because the potential for unauthenticated access to the underlying operating system could have severe consequences, including data breaches and system compromise.
Cisco reveals 2 max-severity defects in firewall management software
⚡ High Priority
Why This Matters
CVE-2026-20079 is in active discussion involving Cisco — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, March 5). Cisco reveals 2 max-severity defects in firewall management software. CyberScoop. https://cyberscoop.com/cisco-critical-vulnerabilities-secure-firewall-management-center-software/
Original Source
CyberScoop
Read original →