What is CVE-2026-20079?

CVE-2026-20079 is a critical-severity vulnerability in Cisco Secure Firewall Management Center (Fmc), classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 10.0/10. Published 2026-03-04.

How severe is CVE-2026-20079?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2026-20079 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Secure Firewall Management Center (Fmc)

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to…

EPSS: 0.111 (93.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cisco Secure Firewall Management Center (Fmc) — versions 7.0.0, 7.0.0.1, 7.0.1

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

Public proof-of-concept exploits

0xBlackash/CVE-2026-20079

References

cisco-sa-onprem-fmc-authbypass-5JPp45V2

Frequently asked questions

What is CVE-2026-20079?: CVE-2026-20079 is a critical-severity vulnerability in Cisco Secure Firewall Management Center (Fmc), classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 10.0/10. Published 2026-03-04.
How severe is CVE-2026-20079?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2026-20079 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.