CVE-2026-20079

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Management Center (FMC) (affected versions not specified)

Description A flaw in the web interface of Cisco Secure Firewall Management Center (FMC) Software allows an unauthenticated remote attacker to bypass authentication and execute script files to gain root access to the underlying operating system. This issue stems from an improper system process created during boot time. Attackers can exploit this by sending crafted HTTP requests to the management interface. Technical analysis indicates the use of Java Byte-Stream via HTTP POST requests to trigger a deserialization process. Specifically, the readObject() method triggers a gadget chain moving from LazyMap to InvokerTransformer, eventually executing the exec() command with root privileges. Between 300 and 700 systems are estimated to be exposed worldwide.

Recommendations Upgrade to fixed FMC versions immediately. As a temporary workaround, restrict access to the management interface to minimize the risk of exploitation.