CVE-2026-20079

CRITICAL NUCLEI

Cisco Secure Firewall Management Center - Auth Bypass & RCE via Crafted HTTP Requests

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2026-20079. PoCs published by XiaomingX, 0xBlackash, Sushilsin. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository claims to provide a PoC for an authentication bypass vulnerability in Cisco FMC but lacks actual exploit code, instead redirecting users to an external download link (tinyurl.com). The README contains generic details without technical depth.

Description

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Exploits (4)

github SUSPICIOUS 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-20079

View Code ZIP pw:eip

The repository claims to provide a PoC for an authentication bypass vulnerability in Cisco FMC but lacks actual exploit code, instead redirecting users to an external download link (tinyurl.com). The README contains generic details without technical depth.

Classification

Suspicious 90%

Attack Type

Auth Bypass

Complexity

Theoretical

Reliability

Theoretical

Target: Cisco Secure Firewall Management Center (FMC) Software versions 7.0 through 7.4.x

No auth needed

Prerequisites: network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 06, 2026 Full analysis →

nomisec WORKING POC

by 0xBlackash · poc

https://github.com/0xBlackash/CVE-2026-20079

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2026-20079, demonstrating an authentication bypass and root command execution on Cisco Secure Firewall Management Center (FMC). The exploit leverages a boot-time process vulnerability to hijack sessions and execute arbitrary commands via a privileged CGI endpoint.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Cisco Secure Firewall Management Center (FMC) versions 7.0.x, 7.1.x, 7.2.0-7.2.10.2, 7.3.0-7.3.1.2, 7.4.0-7.4.3, 7.6.0-7.6.3, 7.7.0-7.7.11

No auth needed

Prerequisites: Network access to the target FMC web interface · Target running a vulnerable version of Cisco FMC

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Apr 09, 2026 Full analysis →

nomisec SCANNER

by Sushilsin · poc

https://github.com/Sushilsin/CVE-2026-20079

View Code ZIP pw:eip

The repository contains a Python script that checks for CVE-2026-20079, an authentication bypass vulnerability in Cisco Secure Firewall Management Center (FMC). The script probes an endpoint to determine if it is accessible without credentials, indicating potential vulnerability.

Classification

Scanner 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Cisco Secure Firewall Management Center (FMC)

No auth needed

Prerequisites: Network access to the target FMC device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 06, 2026 Full analysis →

nomisec SUSPICIOUS

by b1gchoi · poc

https://github.com/b1gchoi/CVE-2026-20079

View Code ZIP pw:eip

The repository claims to provide a PoC for CVE-2026-20079, an authentication bypass in Cisco FMC, but lacks actual exploit code. Instead, it directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or fake exploits.

Classification

Suspicious 90%

Attack Type

Auth Bypass

Complexity

Theoretical

Reliability

Theoretical

Target: Cisco Secure Firewall Management Center (FMC) Software versions 7.0 through 7.4.x

No auth needed

Prerequisites: network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 06, 2026 Full analysis →

Nuclei Templates (1)

Cisco Secure Firewall Management Center - Authentication Bypass

CRITICALVERIFIEDby theamanrawat

Shodan: html:"BackdraftSyncIntegration"

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2

Scores

CVSS v3 10.0

EPSS 0.1114

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-288

Status published

Published Mar 04, 2026

Tracked Since Mar 05, 2026