Cisco released fixes for 50 vulnerabilities across its products, including 48 affecting ASA, Secure FMC, and Secure FTD appliances, bundled in a March 2026 publication containing 25 security advisories. Two critical CVEs (CVE-2026-20079 and CVE-2026-20131, both rated 10.0) allow remote attackers to execute arbitrary scripts or Java code and gain root access, so administrators are urged to apply patches immediately; Cisco says it is not aware of any active exploitation.
Key points
- Cisco patched 50 vulnerabilities across its enterprise networking products in a March 2026 bundled release.
- Two critical flaws, CVE-2026-20079 and CVE-2026-20131, each have a CVSS score of 10.0 and affect the Secure FMC web interface.
- CVE-2026-20079 is an authentication bypass that can lead to arbitrary script execution and root access via crafted HTTP requests.
- CVE-2026-20131 is an insecure Java deserialization flaw that allows execution of Java code with root privileges when crafted serialized objects are processed.
- Nine high-severity and multiple medium-severity issues affect ASA, Secure FMC, Secure FTD, Webex, and ClamAV; Cisco reports no known in-the-wild exploitation and recommends immediate updates.