Cisco has released emergency patches addressing 48 CVEs across 25 advisories in its firewall products. The most critical are two CVSS 10.0 flaws in Cisco Secure Firewall Management Center (FMC): CVE-2026-20079 (authentication bypass) and CVE-2026-20131 (insecure Java deserialization), both allowing unauthenticated remote root access via the web management interface. Neither has been exploited yet, but Cisco warns there are no workarounds — admins should patch immediately or ensure FMC is not internet-exposed. Additional high-severity flaws include SQL injection vulnerabilities in FMC and a DoS flaw in ASA/FTD VPN software. Cisco's software checker tool can help determine the correct update path.