Cisco reveals 2 max-severity defects in firewall management software
Cisco on Wednesday released information on a pair of max-severity vulnerabilities in its firewall management software that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or to affected devices.
The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC) Software, regardless of device configuration, the vendor said.
Cisco disclosed the critical vulnerabilities one week after it warned that attackers have been exploiting a pair of zero-days in Cisco’s network edge software for at least three years. That campaign, which is ongoing, marked the second series of multiple actively exploited zero-days in Cisco edge technology since last spring.
Both campaigns prompted the Cybersecurity and Infrastructure Security Agency to issue emergency directives months after the attacks were first detected, and both attack sprees were underway for at least a year before they were discovered.
Cisco said the new vulnerabilities were disclosed and patched as part of its biannual update, which contained 48 vulnerabilities across multiple security products.
“At the time of publication, Cisco PSIRT (public security incident response team) is not aware of any malicious use of these vulnerabilities,” a company spokesperson told CyberScoop.
“We strongly urge customers to upgrade to available fixed software releases that address these vulnerabilities,” the spokesperson added.
One of the vulnerabilities in Cisco Secure FMC Software — CVE-2026-20079 — allows attackers to bypass authentication and execute script files on an affected device to obtain root access to the operating system.
“This vulnerability is due to an improper system process that is created at boot time,” Cisco said in a security advisory.
Cisco said the second critical defect — CVE-2026-20131 — is a deserialization flaw that allows attackers to achieve remote code execution.
“An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device,” the vendor said in a security advisory. “A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.”
Cisco describes the affected product as the “administrative nerve center” for firewall management, application control, intrusion prevention, URL filtering and malware protection.
There are no workarounds for either vulnerability. Cisco did not say how the vulnerabilities might be related, whether they can be chained together for exploitation, or when and under what circumstances it became aware of the defects.