CVE-2026-20063 Cisco Secure FTD Software Authenticated Command Injection Vulnerability

🗓️ 04 Mar 2026 17:48:38Reported by ciscoType

Authenticated local attacker can run commands as root due to a CLI input validation flaw.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-20063	4 Mar 202617:48	–	attackerkb
Cisco	Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerabilities	4 Mar 202616:00	–	cisco
CNNVD	Cisco Secure Firewall Threat Defense 参数注入漏洞	4 Mar 202600:00	–	cnnvd
CVE	CVE-2026-20063	4 Mar 202617:48	–	cve
EUVD	EUVD-2026-9463	4 Mar 202618:31	–	euvd
NCSC	Vulnerabilities fixed in Cisco Secure Firewall systems	5 Mar 202609:05	–	ncsc
NVD	CVE-2026-20063	4 Mar 202618:16	–	nvd
Positive Technologies	PT-2026-23022	4 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-20063	5 Mar 202619:31	–	redhatcve
Vulnrichment	CVE-2026-20063 Cisco Secure FTD Software Authenticated Command Injection Vulnerability	4 Mar 202617:48	–	vulnrichment

[
  {
    "vendor": "Cisco",
    "product": "Cisco Secure Firewall Threat Defense (FTD) Software",
    "versions": [
      {
        "version": "7.6.0",
        "status": "affected"
      },
      {
        "version": "7.7.0",
        "status": "affected"
      },
      {
        "version": "7.6.1",
        "status": "affected"
      },
      {
        "version": "7.6.2",
        "status": "affected"
      },
      {
        "version": "7.7.10",
        "status": "affected"
      },
      {
        "version": "7.6.2.1",
        "status": "affected"
      },
      {
        "version": "7.7.10.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmd-inj-mTzGZexf

04 Mar 2026 17:48Current

CVSS 3.16

EPSS0.00188