Lua Injection Vulnerability in Cisco Secure Firewall Products
CVE-2026-20008

6MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Firewall Adaptive Security Appliance (asa) Software; Cisco Secure Firewall Threat Defense (ftd) Software
Vendor: CVE Published:; 4 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20008?

A vulnerability exists in Cisco Secure Firewall ASA and FTD software due to insufficient input sanitation of CLI command parameters. An authenticated local attacker with valid Administrator credentials could exploit this weakness by crafting malicious Lua code. If successfully executed, the attacker may gain root access to the underlying operating system, leading to arbitrary code execution. This risk highlights the importance of secure coding practices and proper input validation to safeguard against potential exploits.

Affected Version(s)

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.3

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2026
Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20008 Data

JSON