Caitlin Condon2d ago

After 2+ weeks of semi-painful exploit development, @yeslikethefood and team have a full RCA out for Cisco Secure Firewall Management Center (FMC) CVE-2026-20079.

The bug is a CVSS 10, but there are significant prerequisites that may limit exploitability in real-world scenarios. There are between 300 and 700 FMC systems on the public internet as of today.

https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079

CVE-2026-20079 - Cisco FMC Authentication Bypass RCE Analysis | Blog | VulnCheck

VulnCheck's Initial Access Intelligence team analysis of CVE-2026-20079, an authentication bypass and remote code execution vulnerability in Cisco Secure Firewall Management Center.

VulnCheck
Show threadrkervell2d ago
@catc0n @yeslikethefood congrats, I gave up on this one after 10 days. CVE-2026-20131 was way easier to identify and exploit.
Show threadpoptart

@rkervell @catc0n yeah, we got that one within the week of analysis. I figured people were going to be able to figure out the GWT and SSRF policy stuff pretty consistently.

This one bothered me because I could see it but could find the exact path to put the pieces together. I became a bit obsessed to find the path 😆

Not pictured in the blog post, the many nights of staring at the session management logic.

Mar 27 at 4:39pmWeb
Show threadpoptart2d ago
@rkervell @catc0n and realizing that it was simply a double authentication request was infuriating. It always appears so simple after you detangle the rats nest.