CVE-2026-20003

Name of the Vulnerable Software and Affected Versions Cisco Secure FMC Software (affected versions not specified)

Description A flaw exists in the REST API of Cisco Secure FMC Software that may allow a remote attacker with valid credentials to perform SQL injection attacks. The issue stems from insufficient validation of user-provided input. Successful exploitation could grant the attacker read access to the database and the ability to read specific files on the operating system. To exploit this, an attacker needs valid user credentials with roles such as Administrator, Security approver, Intrusion admin, Access admin, or Network admin. The API is susceptible to crafted requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.