Different vulnerabilities
Of the remaining flaws, an additional six are rated ‘excessive’, with CVSS scores of between 7.2 and eight.6. These embrace the Firewall Administration Heart SQL injection vulnerabilities CVE-2026-20001, CVE-2026-20002, and CVE-2026-20003, all remotely exploitable by an authenticated attacker. Once more, no workarounds are attainable.
CVE-2026-20039, rated 8.6 (‘crucial’), is a flaw affecting the VPN internet server in Cisco Safe Firewall Adaptive Safety Equipment (ASA) Software program and Cisco Safe Firewall Menace Protection (FTD) Software program which might permit an unauthenticated attacker to induce a denial of service state.
Moreover, CVE-2026-20082, additionally rated 8.6, might permit an unauthenticated attacker to trigger incoming TCP SYN packets to be dropped incorrectly within the Cisco Safe Firewall Adaptive Safety Equipment (ASA) Software program.
