● Medium · CVSS 4.9

How to Fix CVE-2026-20003: Cisco Secure Firewall Management Center (FMC) (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-20003 is a sibling vulnerability in the same vendor advisory as CVE-2026-20001. Apply the same patched build and you close both. The technical detail below is what differs.

⚡ At a glance


Severity	4.9 (Medium)
Actively exploited?	No public listing in CISA KEV
Affected	Cisco Secure Firewall Management Center (FMC) 7.0.0; Cisco Secure Firewall Management Center (FMC) 7.0.0.1; Cisco Secure Firewall Management Center (FMC) 7.0.1; Cisco Secure Firewall Management Center (FMC) 7.0.1.1; Cisco Secure Firewall Management Center (FMC) 7.0.2; Cisco Secure Firewall Management Center (FMC) 7.0.2.1; Cisco Secure Firewall Management Center (FMC) 7.0.3; Cisco Secure Firewall Management Center (FMC) 7.0.4; Cisco Secure Firewall Management Center (FMC) 7.0.5; Cisco Secure Firewall Management Center (FMC) 7.0.6; Cisco Secure Firewall Management Center (FMC) 7.0.6.1; Cisco Secure Firewall Management Center (FMC) 7.0.6.2; Cisco Secure Firewall Management Center (FMC) 7.0.6.3; Cisco Secure Firewall Management Center (FMC) 7.0.7; Cisco Secure Firewall Management Center (FMC) 7.0.8; Cisco Secure Firewall Management Center (FMC) 7.0.8.1; Cisco Secure Firewall Management Center (FMC) 7.1.0; Cisco Secure Firewall Management Center (FMC) 7.1.0.1; Cisco Secure Firewall Management Center (FMC) 7.1.0.2; Cisco Secure Firewall Management Center (FMC) 7.1.0.3; Cisco Secure Firewall Management Center (FMC) 7.2.0; Cisco Secure Firewall Management Center (FMC) 7.2.1; Cisco Secure Firewall Management Center (FMC) 7.2.2; Cisco Secure Firewall Management Center (FMC) 7.2.0.1; Cisco Secure Firewall Management Center (FMC) 7.2.3; Cisco Secure Firewall Management Center (FMC) 7.2.3.1; Cisco Secure Firewall Management Center (FMC) 7.2.4; Cisco Secure Firewall Management Center (FMC) 7.2.4.1; Cisco Secure Firewall Management Center (FMC) 7.2.5; Cisco Secure Firewall Management Center (FMC) 7.2.5.1; Cisco Secure Firewall Management Center (FMC) 7.2.6; Cisco Secure Firewall Management Center (FMC) 7.2.7; Cisco Secure Firewall Management Center (FMC) 7.2.5.2; Cisco Secure Firewall Management Center (FMC) 7.2.8; Cisco Secure Firewall Management Center (FMC) 7.2.8.1; Cisco Secure Firewall Management Center (FMC) 7.2.9; Cisco Secure Firewall Management Center (FMC) 7.2.10; Cisco Secure Firewall Management Center (FMC) 7.2.10.2; Cisco Secure Firewall Management Center (FMC) 7.2.10.1; Cisco Secure Firewall Management Center (FMC) 7.3.0; Cisco Secure Firewall Management Center (FMC) 7.3.1; Cisco Secure Firewall Management Center (FMC) 7.3.1.1; Cisco Secure Firewall Management Center (FMC) 7.3.1.2; Cisco Secure Firewall Management Center (FMC) 7.4.0; Cisco Secure Firewall Management Center (FMC) 7.4.1; Cisco Secure Firewall Management Center (FMC) 7.4.1.1; Cisco Secure Firewall Management Center (FMC) 7.4.2; Cisco Secure Firewall Management Center (FMC) 7.4.2.1; Cisco Secure Firewall Management Center (FMC) 7.4.2.2; Cisco Secure Firewall Management Center (FMC) 7.4.2.3; Cisco Secure Firewall Management Center (FMC) 7.4.2.4; Cisco Secure Firewall Management Center (FMC) 7.4.3; Cisco Secure Firewall Management Center (FMC) 7.6.0; Cisco Secure Firewall Management Center (FMC) 7.6.1; Cisco Secure Firewall Management Center (FMC) 7.6.2; Cisco Secure Firewall Management Center (FMC) 7.6.2.1; Cisco Secure Firewall Management Center (FMC) 7.6.3; Cisco Secure Firewall Management Center (FMC) 7.7.0; Cisco Secure Firewall Management Center (FMC) 7.7.10; Cisco Secure Firewall Management Center (FMC) 7.7.10.1
Fixed in	Same patched build as CVE-2026-20001
Type (CWE)	CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

What's different about CVE-2026-20003?

A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain read access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials with any of the following roles:

Administrator

Security approver

Intrusion admin

Access admin

Network admin

How to fix CVE-2026-20003

Apply the patched build per the primary write-up: How to Fix CVE-2026-20001. All commands, verification steps, and rollback notes for Cisco Secure Firewall Management Center (FMC) are listed there.

Frequently asked questions

Does the CVE-2026-20001 patch close CVE-2026-20003?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-20003 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-injection-2qH6CcJd

References

Official vendor advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-injection-2qH6CcJd
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-20003
CISA KEV catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Primary: How to Fix CVE-2026-20001

*Written by Sai Kiran Pandrala. Part of the Cisco Secure Firewall Management Center (FMC) bundle. Full procedure at how-to-fix-cve-2026-20001.*