CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 22, 2026

CVE-2026-20131

High

EPSS 0.8%CISA KEVRansomware

Cisco/Secure Firewall Management Center (FMC)

Description

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

EPSS — Exploit Probability

0.8%

Higher than 74.1% of all CVEs

Required Action

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh ; https://nvd.nist.gov/vuln/detail/CVE-2026-20131

Related Articles (8)

Industry News

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

Cisco warns CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are actively exploited; patches released across multiple software versions.

Mar 5, 2026

Industry News

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.

Mar 19, 2026

Vulnerabilities

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

Mar 19, 2026

Industry News

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Interlock ransomware is actively exploiting CVE-2026-20131 (CVSS 10.0) in Cisco FMC, enabling unauthenticated remote code execution as root.

Mar 18, 2026

Malware & Threats

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January.

Mar 18, 2026

Industry News

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

Amazon found evidence that the FMC software vulnerability has been exploited since late January, and found links to Russia.

Mar 19, 2026

Industry News

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Trivy backdoored, FBI buys location data, iOS DarkSword kit, WhatsApp usernames, Langflow RCE, Cisco FMC zero-day & critical CVEs to patch.

Mar 23, 2026

Malware & Threats

CISA orders feds to patch max-severity Cisco flaw by Sunday

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22.

Mar 20, 2026

Risk Assessment

HIGH

In CISA KEV

Ransomware

Details

Severity: High
EPSS: 0.8%
CISA KEV: Yes
Ransomware: Known
Articles: 8

Timeline

Published

Mar 19, 2026

Added to KEV

Mar 19, 2026

Remediation Due

Mar 22, 2026

Affected Product

Cisco

Secure Firewall Management Center (FMC)

View all Cisco CVEs

External Links

NVD (NIST)CVE Details MITRE CVE