Affected Vendors This Week
- Cisco: 49 CVEs (2 critical, 11 high, 36 medium)
- TP-Link: 2 CVEs (0 critical, 2 high, 0 medium)
This week marks a significant security event dominated by Cisco Secure Firewall vulnerabilities. With 49 new CVEs — including two perfect-score critical flaws — organizations managing Cisco infrastructure should treat this as a priority patching week.
Critical Vulnerabilities Demand Immediate Attention
Two critical vulnerabilities in Cisco Secure Firewall Management Center (FMC) Software pose extreme risk to organizations relying on these systems for centralized threat management:
- CVE-2026-20131 (CVSS 10.0) allows unauthenticated, remote attackers to execute arbitrary Java code as root through the web-based management interface. This represents complete system compromise with no authentication barrier.
- CVE-2026-20079 (CVSS 10.0) enables unauthenticated attackers to bypass authentication entirely and execute script files on affected systems, again through the web interface.
Action required: If you manage Cisco FMC deployments, apply patches immediately. These flaws are network-reachable, require no user interaction, and grant full system access. Do not delay.
High-Severity VPN and Authentication Bypass Issues
Beyond the two critical flaws, Cisco's Secure Firewall suite — including ASA and Threat Defense (FTD) products — contains multiple high-severity issues:
- CVE-2026-20103 and CVE-2026-20105 (CVSS 8.6 and 7.7) affect Remote Access SSL VPN functionality, allowing unauthenticated attackers to cause device malfunction or trigger denial-of-service conditions.
- CVE-2026-20101 (CVSS 8.6) exploits the SAML 2.0 SSO feature to allow unauthenticated attackers to cause denial of service.
- CVE-2026-20082 (CVSS 8.6) targets embryonic connection handling, permitting DoS attacks against the firewall itself.
- CVE-2026-20039 (CVSS 8.6) impacts the VPN web server, again allowing unauthenticated remote exploitation.
- CVE-2026-20002 (CVSS 8.1) introduces SQL injection in FMC's management interface, though this requires prior authentication.
The concentration of VPN and authentication-related vulnerabilities suggests attackers could target remote access points and cloud-connected firewall infrastructure. Organizations should prioritize patching VPN-facing components.
TP-Link Deco BE25 Path Traversal and Command Injection
TP-Link contributes two high-severity vulnerabilities in the Deco BE25 mesh router (v1.0):
- CVE-2026-0655 (CVSS 8.0) is a path traversal flaw allowing authenticated adjacent attackers to read arbitrary files from the device.
- CVE-2026-0654 (CVSS 8.0) enables OS command injection through improper input handling in the web administration interface, also requiring authentication but allowing full command execution.
While these require authentication, they represent lateral movement risks in office or home networks where an attacker has gained user-level access. Update TP-Link Deco BE25 devices to the latest firmware immediately.
This Week in Numbers
51 new router and firewall CVEs arrived this week: 2 critical, 12 high, and 37 medium-severity. The heavy weighting toward Cisco (96% of critical and high-severity bugs) reflects the complexity and widespread deployment of Cisco Secure Firewall platforms. Medium-severity issues span both vendors and should be addressed within standard patching windows, but critical and high-severity flaws require emergency response protocols.
Next steps: Check your vulnerability management platform for patch availability, assess your Cisco FMC and firewall versions against the critical CVE list, and schedule emergency updates for production systems. For TP-Link users, verify Deco BE25 firmware versions and apply updates to affected v1.0 devices.