CISCO has rolled out patches for 50 vulnerabilities across its enterprise networking products, including 48 flaws in Firewall ASA, Secure FMC, and Secure FTD appliances, according to Cisco. The company also released a March 2026 bundled publication containing 25 security advisories that describe these defects, with two advisories detailing critical-severity flaws.
The first, CVE-2026-20079, carries a CVSS score of 10/10 and describes an authentication bypass in the web interface of Cisco Secure FMC software, which could allow an attacker to execute arbitrary scripts and gain root access. The second, CVE-2026-20131, also has a CVSS score of 10/10 and could let attackers execute Java code with root privileges due to insecure deserialization of a user-supplied Java byte stream.
Cisco also fixed nine high-severity vulnerabilities in the ASA Firewall, Secure FMC, and Secure FTD appliances, potentially enabling SQL injection, DoS, or the reading, creation, or overwriting of sensitive files, while the remaining three dozen flaws are rated medium severity. Cisco says it is not aware of these vulnerabilities being exploited in the wild, and users are urged to update promptly.