CVE-2026-20001SQL Injection in Cisco Secure Firewall Management Center

CWE-89SQL Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Firewall Management Center
Timeline
PublishedMar 4

Description

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain read access to the database and read certain files on the underlying operating system. To exploit this vulner

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities2026-03-04
GHSA
GHSA-x463-pc3r-q5g5: A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affe2026-03-04

📋Vendor Advisories

1
Cisco
Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities2026-03-04
CVE-2026-20001 — SQL Injection in Cisco | cvebase