Home Cisco CVE-2026-20131
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Cisco

CVE-2026-20131

Exploited

Cisco Secure Firewall Management Center (FMC) Software

Cisco CVSS 10 Updated March 23, 2026

Executive Risk Summary

"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream, allowing an attacker to send a crafted serialized Java object to the web-based management interface and potentially execute arbitrary code on the device."

Anticipated Attack Path

  1. 1. An attacker sends a crafted serialized Java object to the web-based management interface of a vulnerable Cisco FMC device.
  2. 2. The device deserializes the Java object, allowing the attacker to execute arbitrary Java code.
  3. 3. The attacker gains root access to the device, potentially allowing them to modify configuration files, steal sensitive data, or disrupt network operations.

Am I Vulnerable?

  • Is the Cisco FMC device exposed to the public internet?
  • Is the device running a vulnerable version of the FMC software?
  • Have any unusual or unauthorized access attempts been detected on the device?

Operational Audit Arsenal

Target Type Technical Object
Target Asset FMC-Web-Management-Interface
Standard Path Management Plane / Web UI

Manual Verification Required

This is a non-Windows asset (Cisco). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Potential disruption to firewall management and network operations during patching

Internal Work Notes

Urgent: Potential RCE vulnerability in Cisco FMC software, requiring immediate patching and verification of device security.

Intelligence Sources

Official Advisoryhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
Official Advisoryhttps://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
CISA KEV Cataloghttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20131

Related Cisco Threats

CVE-2026-20079 CVSS 10

Secure Firewall Management Center (FMC) Software
CVE-2026-20127 CVSS 10

Catalyst SD-WAN Controller - Peering Authentication
CVE-2025-20188 CVSS 10

Cisco IOS XE - Wireless LAN Controllers

Scope of Impact

Cisco Secure Firewall Management Center (Version 7.2.10.1)Cisco Secure Firewall Management Center (Version 7.0.2.1)Cisco Secure Firewall Management Center (Version 6.4.0.18)Cisco Secure Firewall Management Center (Version 7.1.0.3)Cisco Secure Firewall Management Center (Version 7.2.8.1)Cisco Secure Firewall Management Center (Version 6.4.0.13)Cisco Secure Firewall Management Center (Version 7.4.2.2)Cisco Secure Firewall Management Center (Version 7.0.4)Cisco Secure Firewall Management Center (Version 7.3.1.1)Cisco Secure Firewall Management Center (Version 7.0.8)Cisco Secure Firewall Management Center (Version 7.0.0.1)Cisco Secure Firewall Management Center (Version 7.7.11)Cisco Secure Firewall Management Center (Version 7.0.3)Cisco Secure Firewall Management Center (Version 7.0.0)Cisco Secure Firewall Management Center (Version 7.2.1)Cisco Secure Firewall Management Center (Version 7.0.7)Cisco Secure Firewall Management Center (Version 7.2.7)Cisco Secure Firewall Management Center (Version 7.4.0)Cisco Secure Firewall Management Center (Version 7.1.0)Cisco Secure Firewall Management Center (Version 7.0.6.3)Cisco Secure Firewall Management Center (Version 7.3.1.2)Cisco Secure Firewall Management Center (Version 7.4.1.1)Cisco Secure Firewall Management Center (Version 7.4.4)Cisco Secure Firewall Management Center (Version 10.0.0)Cisco Secure Firewall Management Center (Version 7.0.6.1)Cisco Secure Firewall Management Center (Version 7.6.2)Cisco Secure Firewall Management Center (Version 7.6.0)Cisco Secure Firewall Management Center (Version 7.0.5)Cisco Secure Firewall Management Center (Version 6.4.0.16)Cisco Secure Firewall Management Center (Version 7.2.4)Cisco Secure Firewall Management Center (Version 7.0.1.1)Cisco Secure Firewall Management Center (Version 7.2.0)Cisco Secure Firewall Management Center (Version 7.2.4.1)Cisco Secure Firewall Management Center (Version 7.2.9)Cisco Secure Firewall Management Center (Version 7.4.5)Cisco Secure Firewall Management Center (Version 7.6.2.1)Cisco Secure Firewall Management Center (Version 7.4.2.3)Cisco Secure Firewall Management Center (Version 6.4.0.17)Cisco Secure Firewall Management Center (Version 7.2.5)Cisco Secure Firewall Management Center (Version 7.2.8)Cisco Secure Firewall Management Center (Version 7.2.10)Cisco Secure Firewall Management Center (Version 7.6.4)Cisco Secure Firewall Management Center (Version 7.0.1)Cisco Secure Firewall Management Center (Version 7.0.2)Cisco Secure Firewall Management Center (Version 6.4.0.15)Cisco Secure Firewall Management Center (Version 7.2.3.1)Cisco Secure Firewall Management Center (Version 7.2.5.2)Cisco Secure Firewall Management Center (Version 7.2.10.2)Cisco Secure Firewall Management Center (Version 6.4.0.14)Cisco Secure Firewall Management Center (Version 7.4.2.1)Cisco Secure Firewall Management Center (Version 7.1.0.2)Cisco Secure Firewall Management Center (Version 7.2.6)Cisco Secure Firewall Management Center (Version 7.7.10.1)Cisco Secure Firewall Management Center (Version 7.2.5.1)Cisco Secure Firewall Management Center (Version 7.2.2)Cisco Secure Firewall Management Center (Version 7.2.0.1)Cisco Secure Firewall Management Center (Version 7.7.0)Cisco Secure Firewall Management Center (Version 7.0.8.1)Cisco Secure Firewall Management Center (Version 7.2.3)Cisco Secure Firewall Management Center (Version 7.1.0.1)Cisco Secure Firewall Management Center (Version 7.0.6.2)Cisco Secure Firewall Management Center (Version 7.4.2)Cisco Secure Firewall Management Center (Version 7.6.3)Cisco Secure Firewall Management Center (Version 7.6.1)Cisco Secure Firewall Management Center (Version 7.4.3)Cisco Secure Firewall Management Center (Version 7.0.6)Cisco Secure Firewall Management Center (Version 7.3.1)Cisco Secure Firewall Management Center (Version 7.7.10)Cisco Secure Firewall Management Center (Version 7.4.1)Cisco Secure Firewall Management Center (Version 7.4.2.4)Cisco Secure Firewall Management Center (Version 7.3.0)

Original NVD Description

"A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced."

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.