theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2026-20131

CISA KEV

Published March 19, 2026 · Updated April 3, 2026

high

What This Means

**CVE-2026-20131: Cisco FMC Unsafe Deserialization RCE** An unauthenticated remote attacker can exploit unsafe Java deserialization in Cisco Secure Firewall Management Center (FMC) and Security Cloud Control (SCC) Firewall Management web interfaces to execute arbitrary code with root privileges. This requires no authentication and affects the management plane directly. **Immediate actions:** Isolate affected FMC and SCC instances from untrusted networks, apply Cisco patches immediately when available, and monitor firewall management interfaces for suspicious deserialization payloads. If patching is delayed, restrict web management access via network segmentation or firewall rules to known administrator IP ranges only.

Official Description+

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

Affected Products

VendorProduct
CiscoSecure Firewall Management Center (FMC)

Patch Status

Patch by 2026-03-22

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2026-20131.

Related Coverage

Vvulnerability

CVE-2026-20131: Unauthenticated RCE via Java Deserialization in Cisco FMC and Security Cloud Control

CVE-2026-20131 is an unauthenticated remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) and Security Cloud Control (SCC) caused by unsafe deserialization of Java objects in the web management interface. Successful exploitation grants root-level access to the management appliance and full control over all managed firewalls. CISA has mandated federal agency patching by March 22, 2026; organizations should immediately isolate management interfaces and monitor for patches.

CISA KEV·15d ago·4 min read