Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2026-20079: Authentication Bypass Using an Alternate Path or Channel in Cisco Secure Firewall Management Center

Severity: 10.0 CRITICAL (NVD)
EPSS: 11.1% (top 6.53%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Mar 4; Latest update Mar 5

Description

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the att

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-mv8w-c2qv-cgrg: A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypa (2026-03-04)
CVEList: CVE-2026-20079: A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypa (2026-03-04)

💥 Exploits & PoCs (1)

Nuclei: Cisco Secure Firewall Management Center - Authentication Bypass

📋 Vendor Advisories (1)

Cisco: Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability (2026-03-05)