
Cisco Secure FMC Software: SQL Injection with Valid Credentials

CVE-2026-20002
Summary

An attacker with valid login credentials can exploit a flaw in the web interface of Cisco Secure FMC Software to access sensitive database information and potentially read system files. This affects the security of your network management system. Update your Cisco Secure FMC Software to the latest version to fix this issue.

Original title
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vuln...
Original description
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials.
NVD CVSS 3.1 score: 8.1
Vulnerability type
CWE-89 SQL Injection
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026