By Matt Kapko
Publication Date: 2026-03-05 15:26:00
Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices.
The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC) Software, regardless of device configuration, the vendor said.
Cisco disclosed the critical vulnerabilities one week after it warned that attackers have been exploiting a pair of zero-days in Cisco’s network edge software for at least three years. That campaign, which is ongoing, marked the second series of multiple actively exploited zero-days in Cisco edge technology since last spring.
Both campaigns prompted the Cybersecurity and Infrastructure Security Agency to issue emergency directives months after the attacks were first detected, and both attack sprees…
