CVE-2026-20002
Published: 04 March 2026
Summary
CVE-2026-20002 is a high-severity SQL Injection (CWE-89) vulnerability in Cisco Secure FMC (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-20002 is a SQL injection vulnerability in the web-based management interface of Cisco Secure FMC Software. The flaw arises from inadequate validation of user-supplied input, enabling an authenticated, remote attacker to inject malicious SQL queries into the system.
An attacker with valid user credentials can exploit this vulnerability by sending crafted requests to an affected device over the network. Successful exploitation grants full access to the underlying database, allowing the attacker to read sensitive data, as well as certain files on the operating system. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), highlighting high confidentiality and integrity impacts with low complexity and privileges required.
For mitigation details, including available patches and workarounds, refer to the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-injection-2qH6CcJd. This advisory provides guidance from the vendor on addressing the issue.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-9425
Vulnerability details
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could…
more
exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public web management interface directly enables remote exploitation of a public-facing application (T1190) by an authenticated attacker over the network.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the root cause of the CVE by requiring validation mechanisms for user-supplied input in the web management interface to prevent SQL injection.
Ensures timely identification, reporting, and remediation of the specific SQL injection flaw in Cisco Secure FMC Software via patching or workarounds.
Vulnerability scanning and monitoring detect SQL injection vulnerabilities like CVE-2026-20002 in the web interface, enabling proactive remediation.