CVE-2026-20131

critical Cisco ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.7%
Exploitation probability in 30 days
Top 29% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: March 4, 2026 (70 days ago)
Last Modified: March 25, 2026
Vendor: Cisco
Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-03-19
Remediation Due: 2026-03-22 (⚠ 53d overdue)
Ransomware Campaign: Known

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

CWE

CWE-502

Affected Products

cisco secure firewall management center

References

🔗 sec.cloudapps.cisco.com 🔗 aws.amazon.com 🔗 www.cisa.gov