Other vulnerabilities
Of the remaining flaws, a further six are rated ‘high’, with CVSS scores of between 7.2 and 8.6. These include the Firewall Management Center SQL injection vulnerabilities CVE-2026-20001, CVE-2026-20002, and CVE-2026-20003, all remotely exploitable by an authenticated attacker. Again, no workarounds are possible.
CVE-2026-20039, rated 8.6 (‘critical’), is a flaw affecting the VPN web server in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software which could allow an unauthenticated attacker to induce a denial of service state.
Additionally, CVE-2026-20082, also rated 8.6, could allow an unauthenticated attacker to cause incoming TCP SYN packets to be dropped incorrectly in the Cisco Secure Firewall Adaptive Security Appliance (ASA) Software.
