CVE-2026-20131

Confirmed PUBLISHED

Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

Cisco · Cisco Secure Firewall Management Center (FMC)

1 day faster than CISA KEV

Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
10.0 Critical EPSS 27.6%

At a Glance

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

cisa edge malware
CVE Published
Mar 04, 2026
Exploitation Reported
Jun 01, 2026
CVSS
10.0 Critical
EPSS
27.6%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

70 version rows · page 2 of 3

Vendor Product Version Status
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.4

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.0.6

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.4.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.5

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.3.1.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.4.0

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

6.4.0.17

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.0.6.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.5.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.4.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.6

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.4.1.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.0.6.2

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

6.4.0.18

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.7

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.5.2

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.3.1.2

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.8

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.6.0

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.4.2

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.8.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.0.6.3

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.4.2.1

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.2.9

Affected
Cisco
Cisco Secure Firewall Management Center (FMC)

7.0.7

Affected

CVE References

  • cisco-sa-fmc-rce-NKhnULJh sec.cloudapps.cisco.com · CVE Record https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurity...

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.