Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 4, 2026

Cisco Firepower Management Center Software and Firepower Threat Defense Path Traversal Vulnerability

CVE-2026-20018

Description

A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system.

This vulnerability is due to insufficient validation of the directory path during file synchronization. An attacker could exploit this vulnerability by crafting a directory path outside of the expected file location. A successful exploit could allow the attacker to create or replace any file on the underlying operating system.

Affected products

Cisco Systems, Inc./Secure Firewall Management Centerllm-fuzzy
Cisco Systems, Inc./Cisco Secure Firewall Threat Defense (FTD) Softwarellm-fuzzy
Cisco/Cisco Secure Firewall Management Center (FMC)v5
Range: 7.0.0
Cisco/Cisco Secure Firewall Threat Defense (FTD) Softwarev5
Range: 7.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dir-trav-wERgjhWqmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000