Cisco admits total security failure: Critical flaws give hackers complete control

Cisco’s semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD bundled publication (released March 4, 2026) includes 25 security advisories covering 48 vulnerabilities, with software updates available to address them.

Two critical Secure FMC flaws headline the release

Cisco lists two Critical issues in Cisco Secure Firewall Management Center (FMC), both rated CVSS 10.0:

• CVE-2026-20079 (authentication bypass)
• CVE-2026-20131 (remote code execution)

BleepingComputer reports Cisco’s advisories describe remote, unauthenticated exploitation scenarios that can lead to root-level impact on affected systems.

ASA and Secure FTD also get fixes, with multiple high-severity DoS items

Beyond Secure FMC, the bundle includes multiple high-severity entries affecting ASA and Secure FTD, including Remote Access SSL VPN and VPN web-server denial-of-service vulnerabilities (Cisco lists several of these as High with CVSS 8.6 in the bundled table).

Exploitation status and what admins should do

Cisco’s PSIRT has not reported evidence that the two max-severity Secure FMC bugs are being exploited, according to BleepingComputer’s summary of Cisco’s position.

For enterprise environments, the practical guidance is straightforward: apply Cisco’s fixed releases for ASA/FTD/FMC as soon as feasible, prioritizing Secure FMC first because it sits at the center of firewall administration and policy deployment. Cisco’s bundled publication provides the full advisory list and CVEs to map against your deployed versions.