CVE-2026-20131: Cisco Secure Firewall Management Center (FMC) Software and
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability. Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
- CISA KEV-listed (remediation due 2026-03-22)
- used in ransomware campaigns
- EPSS 1.7% (82.8% percentile)