ACCORDING to Cisco, the networking giant has released 25 joint security advisories covering patches for 48 vulnerabilities across its Secure Firewall ASA, FMC and FTD software. The advisories were published on 4 March and are included in a bundled publication. The most critical flaws, CVE-2026-20079 and CVE-2026-20131, have a maximum CVSS rating of 10 and affect Cisco Secure FMC software.
CVE-2026-20079 is an authentication bypass vulnerability that could allow root access by sending crafted HTTP requests to an affected device, while CVE-2026-20131 is a remote code execution vulnerability resulting from insecure deserialization of a Java byte stream that could enable arbitrary code execution and root privilege escalation. There are no workarounds to mitigate either flaw, and customers are urged to upgrade to the fixed software indicated in the advisory. The remaining patched issues comprise 15 high-severity flaws (CVSS 7.2 to 8.6) and 31 medium-severity flaws (CVSS 4.3 to 6.8).