CVE-2026-20001

Name of the Vulnerable Software and Affected Versions Cisco Secure FMC Software (affected versions not specified)

Description A flaw exists in the REST API of Cisco Secure FMC Software that may allow a remote attacker with valid credentials (Administrator, Security approver, Access admin, or Network admin roles) to perform SQL injection attacks. This is caused by insufficient validation of user-provided input. A successful exploit could grant the attacker read access to the database and the ability to read certain files on the operating system. The API is the point of entry for this issue. The attacker sends crafted requests to the affected device, utilizing potentially vulnerable input parameters.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.