Description
A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain read access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials with any of the following roles:

  • Administrator
  • Security approver
  • Access admin
  • Network admin

Published: 2026-03-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Breach
Action: Immediate Patch
AI Analysis

Impact

The REST API of Cisco Secure FMC Software does not sufficiently validate user-supplied input, which lets an authenticated remote attacker inject SQL statements. By sending crafted API requests, the attacker can read data from the application database and retrieve certain operating-system files. This discloses sensitive configuration and data but grants no write or execution privileges.

Affected Systems

The affected product is Cisco Secure Firewall Management Center (FMC). Specific product versions were not listed, so all deployments running the affected software are potentially vulnerable. Exploitation requires valid user credentials with one of the following roles: Administrator, Security approver, Access admin, or Network admin. A user holding any of these roles can perform the injection through the REST API endpoints.

Risk and Exploitability

The CVSS v3 score of 6.5 rates the issue as Medium severity. EPSS puts the current exploitation likelihood below 1%, suggesting a low probability of attacker activity at present, and the flaw is not listed in CISA's KEV catalog. The attack vector is a remote, authenticated request to the REST API, so an attacker must first compromise or obtain valid credentials with sufficient privileges. Successful exploitation grants read-only access to the database and limited file-read capability, posing a confidentiality risk to sensitive firewall configuration and logs.

Generated by OpenCVE AI on April 18, 2026 at 10:01 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update or patch issued by Cisco for the FMC software as documented in the Cisco security advisory, which fixes the CWE‑89 SQL injection flaw.
  • Restrict REST API access by enforcing the principle of least privilege—remove or limit the Administrator, Security approver, Access admin, and Network admin rights for users who do not require them, and validate all user‑supplied input against SQL injection patterns (CWE‑89) by using parameterized queries.
  • Enable detailed logging of SQL queries and monitor for anomalous or suspicious activity on the FMC system, correlating logs with known CWE‑89 attack signatures to detect potential exploitation attempts.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Cisco; Cisco secure Firewall Management Center
Vendors & Products | | Cisco; Cisco secure Firewall Management Center

Wed, 04 Mar 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain read access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials with any of the following roles: Administrator Security approver Access admin Network admin
Title | | Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities
Weaknesses | | CWE-89
References | |
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-05T15:37:40.809Z

Reserved: 2025-10-08T11:59:15.348Z

Link: CVE-2026-20001

Vulnrichment

Updated: 2026-03-05T15:37:34.503Z

NVD

Status: Awaiting Analysis

Published: 2026-03-04T18:16:12.243

Modified: 2026-03-05T19:39:11.967

Link: CVE-2026-20001

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z
