CVE-2026-20044 MEDIUM

CVE-2026-20044: Cisco Secure Firewall Management Center Command Injection Vulnerability

Vendor: Cisco
Product: Cisco Secure Firewall Management Center (FMC)
Weakness: CWE-269
Published: March 4, 2026
Last update: March 5, 2026

CVSS base score

6.0/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials.

Key dates

02 Disclosure timeline

March 4, 2026: CVE published
March 5, 2026: Record updated