Cyber Resilience

CVE-2026-20002

Severity: High

Published: 04 March 2026

Modified: 05 March 2026
KEV Added: not listed
Patch: available (see vendor advisory)
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0034 (25.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-20002 is a high-severity SQL Injection (CWE-89) vulnerability in Cisco Secure FMC (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS ranking places it at the 25.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-20002 is a SQL injection vulnerability in the web-based management interface of Cisco Secure FMC Software. The flaw arises from inadequate validation of user-supplied input, which lets an authenticated, remote attacker inject SQL into the queries the application issues to its database.

An attacker with valid user credentials can exploit this vulnerability by sending crafted requests to an affected device over the network. Successful exploitation grants full access to the underlying database, allowing the attacker to read sensitive data as well as certain files on the operating system. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), reflecting high confidentiality and integrity impact, low attack complexity, and only low privileges required.

For mitigation details, including available patches and workarounds, refer to the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-injection-2qH6CcJd. This advisory provides guidance from the vendor on addressing the issue.

Vulnerability details

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials.

CWE(s): CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SQL injection in the network-exposed web management interface directly enables remote exploitation of a public-facing application (T1190) by an authenticated attacker over the network.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24956 (shared CWE-89)
CVE-2026-33615 (shared CWE-89)
CVE-2025-28939 (shared CWE-89)
CVE-2021-47872 (shared CWE-89)
CVE-2025-28873 (shared CWE-89)
CVE-2019-25636 (shared CWE-89)
CVE-2026-32611 (shared CWE-89)
CVE-2026-42755 (shared CWE-89)
CVE-2024-53544 (shared CWE-89)
CVE-2026-21410 (shared CWE-89)

Affected Assets

Cisco Secure FMC (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Directly addresses the root cause of the CVE by requiring validation of user-supplied input in the web management interface to prevent SQL injection.

Prevent: Ensures timely identification, reporting, and remediation of the specific SQL injection flaw in Cisco Secure FMC Software via patching or workarounds.

Detect (RA-5, Vulnerability Monitoring and Scanning): Vulnerability scanning and monitoring detect SQL injection vulnerabilities like CVE-2026-20002 in the web interface, enabling proactive remediation.
