Cisco Secure Firewall Management Center - Authentication Bypass

Cisco Secure Firewall Management Center Software contains an authentication bypass caused by improper system process creation at boot, letting unauthenticated remote attackers execute scripts and gain root access, exploit requires crafted HTTP requests. id: CVE-2026-20079 info: name: Cisco Secure...

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

Exploit for Deserialization of Untrusted Data in Cisco Secure_Firewall_Management_Center

🚨 CVE-2026-20131 | Cisco FMC Critical RCE Unauthenticat...

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities (cisco-sa-fmc-sql-injection-2qH6CcJd)

According to its self-reported version, Cisco Secure Firewall Management Center FMC is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-20131link is external Cisco Secure Firewall Management Center FMC Software and Cisco Security Cloud Control SCC Firewall Management Deserialization of...

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center FMC Software and Cisco Security Cloud Control SCC Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root...

VulnCheck KEV: CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

Cisco Secure Firewall Management Center Software RCE (cisco-sa-fmc-rce-NKhnULJh)

According to its self-reported version, Cisco Secure Firewall Management Center FMC is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary...

Cisco Secure Firewall Management Center Software Authentication Bypass (cisco-sa-onprem-fmc-authbypass-5JPp45V2)

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

CVE-2026-20044

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker...

EUVD-2026-9444

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

EUVD-2026-9435

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker...

CVE-2026-20001

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending...

CVE-2026-20018 Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...

CVE-2026-20018

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center FMC Software and Cisco Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating...

CVE-2026-20131

CVE-2026-20131 affects Cisco Secure Firewall Management Center (FMC) Software via the web-based management interface. The root cause is insecure deserialization of untrusted Java byte streams, enabling an unauthenticated, remote attacker to execute arbitrary Java code as root. Affected artifacts ...

CVE-2026-20131

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java...

CVE-2026-20044

The CVE-2026-20044 affects Cisco Secure Firewall Management Center (FMC) Software. The issue stems from insufficient restrictions on remediation modules during lockdown mode, allowing an authenticated local attacker with admin credentials to send crafted input to the system CLI and potentially ex...

CVE-2026-20044

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker...

CVE-2026-20079

Cisco Secure Firewall Management Center (FMC) Software contains a web interface vulnerability that could allow an unauthenticated, remote attacker to bypass authentication and run scripts to gain root access. The root cause is described as an improper system process created at boot time, enabling...