CISA Adds Cisco Vulnerability CVE-2026-20131 to KEV Catalog

CISA ICS-CERT Advisories

Published March 19th, 2026

Detected March 19th, 2026

Summary

CISA has added CVE-2026-20131, a vulnerability in Cisco Secure Firewall Management Center Software and Cisco Security Cloud Control, to its Known Exploited Vulnerabilities (KEV) Catalog. This action is based on evidence of active exploitation and requires Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability.

View original document View source feed page

What changed

CISA has added a new vulnerability, CVE-2026-20131, affecting Cisco Secure Firewall Management Center Software and Cisco Security Cloud Control, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is due to evidence of active exploitation, highlighting it as a significant risk to the federal enterprise. The KEV Catalog is established under Binding Operational Directive (BOD) 22-01, which mandates Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by their due dates.

FCEB agencies must prioritize the remediation of CVE-2026-20131 to protect their networks. While BOD 22-01 specifically applies to FCEB agencies, CISA strongly recommends that all organizations implement timely remediation of vulnerabilities listed in the KEV Catalog as part of their standard vulnerability management practices to mitigate cyberattack risks.

What to do next

Federal Civilian Executive Branch (FCEB) agencies must remediate CVE-2026-20131 by the due date specified in BOD 22-01.
All organizations are strongly urged to prioritize remediation of CVE-2026-20131 as part of their vulnerability management practice.

Source document (simplified)

Alert

CISA Adds One Known Exploited Vulnerability to Catalog

Release Date

March 19, 2026

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.