A path traversal vulnerability (CVE-2026-20018) in the sftunnel functionality of Cisco Secure Firewall Management Center and Secure Firewall Threat Defense software allows an authenticated administrator to write arbitrary files as root due to insufficient path validation during file synchronization. The article does not provide a CVSS score, specific affected version ranges, or the exact fixed version numbers. Cisco has released software updates to address this vulnerability, and there are no available workarounds.
A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system. This vulnerability is due to insufficient validation of the directory path during file synchronization. An attacker could exploit this vulnerability by crafting a directory path outside of the expected file location. A successful exploit could allow the attacker to create or replace any file on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dir-trav-wERgjhWq This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication . <br/>Security Impact Rating: Medium <br/>CVE: CVE-2026-20018