Secure Firewall Management Center (FMC)

See the latest tracked release, confirm when it was published, and subscribe for update emails.

10.0 7.7 7.6 7.4 7.3 EOL 7.2 7.1 7.0

Current version

Last checked: yesterday

7.2.11

Release date: February 17, 2026
CVE status: 2 visible CVEs

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version	Published	Notes
7.2.11	2026-02-17	Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE	Severity	Published	Status	Summary
CVE-2026-20131	CRITICAL (10.0)	2026-03-04	Current versionnot affected	A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced. Affected versions 6.4.0.13 6.4.0.14 Show 69 more 6.4.0.15 6.4.0.16 6.4.0.17 6.4.0.18 7.0.0 7.0.0.1 7.0.1 7.0.1.1 7.0.2 7.0.2.1 7.0.3 7.0.4 7.0.5 7.0.6 7.0.6.1 7.0.6.2 7.0.6.3 7.0.7 7.0.8 7.0.8.1 7.1.0 7.1.0.1 7.1.0.2 7.1.0.3 7.2.0 7.2.0.1 7.2.1 7.2.2 7.2.3 7.2.3.1 7.2.4 7.2.4.1 7.2.5 7.2.5.1 7.2.5.2 7.2.6 7.2.7 7.2.8 7.2.8.1 7.2.9 7.2.10 7.2.10.1 7.2.10.2 7.3.0 7.3.1 7.3.1.1 7.3.1.2 7.4.0 7.4.1 7.4.1.1 7.4.2 7.4.2.1 7.4.2.2 7.4.2.3 7.4.2.4 7.4.3 7.4.4 7.4.5 7.6.0 7.6.1 7.6.2 7.6.2.1 7.6.3 7.6.4 7.7.0 7.7.10 7.7.10.1 7.7.11 10.0.0
CVE-2026-20002	HIGH (8.1)	2026-03-04	Current versionnot affected	A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests to an affected device. A successful exploit could allow the attacker to obtain full access to the database and read certain files on the underlying operating system. To exploit this vulnerability, the attacker would need valid user credentials. Affected versions 6.4.0 6.4.0.1 Show 77 more 6.4.0.3 6.4.0.2 6.4.0.4 6.4.0.5 6.4.0.6 6.4.0.7 6.4.0.8 6.4.0.9 6.4.0.10 6.4.0.11 6.4.0.12 6.4.0.13 6.4.0.14 6.4.0.15 6.4.0.16 6.4.0.17 6.4.0.18 7.0.0 7.0.0.1 7.0.1 7.0.1.1 7.0.2 7.0.2.1 7.0.3 7.0.4 7.0.5 7.0.6 7.0.6.1 7.0.6.2 7.0.6.3 7.0.7 7.0.8 7.0.8.1 7.1.0 7.1.0.1 7.1.0.2 7.1.0.3 7.2.0 7.2.1 7.2.2 7.2.0.1 7.2.3 7.2.3.1 7.2.4 7.2.4.1 7.2.5 7.2.5.1 7.2.6 7.2.7 7.2.5.2 7.2.8 7.2.8.1 7.2.9 7.2.10 7.2.10.2 7.2.10.1 7.3.0 7.3.1 7.3.1.1 7.3.1.2 7.4.0 7.4.1 7.4.1.1 7.4.2 7.4.2.1 7.4.2.2 7.4.2.3 7.4.2.4 7.4.3 7.6.0 7.6.1 7.6.2 7.6.2.1 7.6.3 7.7.0 7.7.10 7.7.10.1