CVE-2026-20008

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified)

Description A flaw exists in certain command-line interface (CLI) commands within the software that could allow a local attacker with Administrator privileges to execute Lua code as root. This is due to insufficient input sanitization. An attacker could craft malicious Lua code and submit it as a parameter to a CLI command, potentially leading to arbitrary code execution with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.