Arctic Wolf Security Bulletin

CVE-2026-20079 & CVE-2026-20131: Maximum-severity Vulnerabilities in Cisco FMC

On 4 March 2026, Cisco released fixes for two maximum-severity vulnerabilities impacting Cisco Secure Firewall Management Center (FMC), which is used to centrally manage Cisco Secure Firewall devices.

  • : An unauthenticated remote threat actor can exploit this to bypass authentication and execute scripts as root on unpatched devices by sending crafted HTTP requests. The vulnerability is due to an improperly created system process at boot.
  • : An unauthenticated remote threat actor can exploit this to execute arbitrary Java code as root on unpatched devices by sending a crafted serialised object to the web interface. The vulnerability is due to insecure deserialisation.

Arctic Wolf has not observed threat actors exploiting these vulnerabilities, nor have any public proof-of-concept exploits been reported. Threat actors may attempt to reverse engineer the releases in the near future due to the potential level of access they could obtain upon compromising an unpatched device.

Recommendation for CVE-2026-20079 & CVE-2026-20131

Upgrade to Latest Fixed Release

Arctic Wolf strongly recommends that customers upgrade to the latest fixed release of Cisco FMC.

Customers can use??to verify if they are running an affected product and update to the fixed release.

  • Note: CVE-2026-20131 also affects Cisco Security Cloud Control (SCC) Firewall Management; however, Cisco has upgraded the service as part of routine maintenance, and no user action is required.

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
