KEVIntel

CVSS 10.0 · Critical

CVE-2026-20131

PUBLISHED

Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

1 day faster than CISA KEV

Exploited in the wild · Used in malware · PoC available · Remote · Low complexity · No user interaction

Vendor: Cisco
Product: Cisco Secure Firewall Management Center (FMC)
Published: Mar 04, 2026
EPSS: 1.7% · 83% pctl


Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Tags: cisa · malware · edge

Weaknesses (CWE)

  • Deserialization of Untrusted Data

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 12:10:30 UTC · CVE

Used in malware

Recorded 2026-06-02 14:02:44 UTC · CVE

Proof of concept available

Recorded 2026-03-06 07:06:56 UTC · GitHub

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source       Added
CVE First    2026-06-01 12:10 UTC
CISA         2026-06-02 14:02 UTC

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

sak110/CVE-2026-20131

github · Created 2026-03-11 01:30:51 UTC · 3 stars

p3Nt3st3r-sTAr/CVE-2026-20131-POC

github · Created 2026-03-06 07:06:56 UTC · 0 stars

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • KEV confirmed by CISA

  • Exploit Used in Malware