CVE-2026-20039 – Cisco Secure Firewall Management Center Multiple Vulnerabilities

Cisco released security updates addressing multiple vulnerabilities in Cisco Secure Firewall Management Center (FMC) that could allow attackers to bypass authentication, execute commands, or disrupt security operations. The most severe issues include CVE-2026-20079 and CVE-2026-20131, both rated CVSS v3.1 10.0 (Critical). These vulnerabilities could allow an unauthenticated remote attacker to send crafted HTTP requests to the web management interface and gain the ability to execute commands with root-level privileges on the underlying system.

Additional vulnerabilities addressed in this update include CVE-2026-20100, CVE-2026-20101, CVE-2026-20103, CVE-2026-20105, CVE-2026-20106, CVE-2026-20039, and CVE-2026-20082. These issues involve weaknesses such as improper input validation, authorization bypass conditions, and other security control failures that could allow attackers with varying levels of access to execute commands, escalate privileges, or cause service disruption within the firewall management platform.

Because Secure Firewall Management Center centrally manages firewall rules, intrusion prevention policies, and security visibility across enterprise environments, successful exploitation could allow attackers to manipulate security policies, disable protections, and gain deeper access into protected networks.