- 48/2026
- Critical
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to bypass authentication, gain elevated privileges, execute arbitrary code or commands, perform SQL injection, cross-site scripting (XSS) attacks, denial-of-service attacks, and obtain sensitive information from the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability (CVE-2026-20079):
- CVSS: 10.0
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability (CVE-2026- 20039):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco Secure Firewall Management Center (FMC) Software.
- Cisco Secure Firewall Adaptive Security Appliance (ASA) Software.
- Cisco Secure Firewall Threat Defense (FTD) Software.
- Cisco Security Cloud Control (SCC) Firewall Management.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.