CVE-2026-20002 - Vulnerability Analysis
Severity: High | CVSS: 8.1 | Last Updated: March 4, 2026
Cisco Secure FMC Software - SQL Injection
Published: March 4, 2026 | Updated: March 4, 2026 | Remote Exploitable
Overview
Cisco Secure FMC Software contains a SQL injection caused by inadequate validation of user-supplied input in the web-based management interface, letting authenticated remote attackers access the database and read certain OS files.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Authenticated attackers can gain full access to the database and read certain files on the underlying operating system.
Mitigation
Update to the latest version of Cisco Secure FMC Software.
Details
- CVE ID: CVE-2026-20002
- Severity: High
- CVSS Score: 8.1
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N