CVE-2026-20131 | defend.network

What is CVE-2026-20131?

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.

CVSS10 NVD 3.1

SeverityCRITICAL

Exploitation In the wild In CISA KEV

Triage statusActive Exploit

ActionPatch immediately

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Added to KEV2026-03-19

Federal patch deadline2026-03-22

Known ransomware useKnown

Affected product

Cisco Secure Firewall Management Center (FMC)

References

Coverage on defend.network

Oracle Identity Manager, Langflow exploited; Trivy supply-chain worm (2026-03-21)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

What is CVE-2026-20131?

CISA Known Exploited Vulnerability

Affected product

References

Coverage on defend.network

Get Critical CVE Alerts