
Critical Cisco FMC Remote Code Execution Vulnerability CVE-2026-20131 CVSS 10.0


Summary

The NCSC issued an advisory on April 2, 2026, detailing CVE-2026-20131, a critical vulnerability (CVSS 10.0) in Cisco Secure Firewall Management Center (FMC) software. The flaw allows an unauthenticated remote attacker to execute arbitrary Java code as root via insecure deserialization of user-supplied input in the web-based management interface. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog and is actively used by ransomware operators. The NCSC strongly recommends installing vendor updates with highest priority after testing.

“A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.”

NCSC, verbatim from source
Published by NCSC on ncsc.gov.ie. Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards.

About this source

GovPing monitors Ireland NCSC Home for new government & legislation regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

What changed

The NCSC published a critical vulnerability advisory for CVE-2026-20131 affecting Cisco Secure Firewall Management Center across seven version branches (6.4.0.13 prior to 7.0.9, 7.1.0 prior to 7.2.11, 7.3.0 prior to 7.4.6, 7.6.0 prior to 7.6.5, 7.7.0 prior to 7.7.12, 10.0.0 prior to 10.0.1, and 7.0.0 prior to 7.0.9). The vulnerability, which enables unauthenticated remote code execution as root via insecure Java deserialization, has been added to the CISA Known Exploited Vulnerabilities catalog and is confirmed in active ransomware campaigns targeting enterprise firewalls.

Affected organizations should treat this as an emergency patch priority. Organizations with FMC management interfaces exposed to the internet face the highest risk and should immediately restrict access. This advisory applies to all entities operating Cisco FMC appliances, including government agencies, enterprises, and managed service providers managing Cisco security infrastructure.

What to do next

  1. Install updates for vulnerable Cisco FMC systems with highest priority after thorough testing
  2. Review latest Cisco release notes and install relevant patches

Archived snapshot

Apr 23, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

NCSC Advisory

Cisco: Cisco Secure Firewall Management Center (FMC)

CVE-2026-20131

2nd April 2026

STATUS: TLP:CLEAR

Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction. For more information on the Traffic Light Protocol, see https://www.first.org/tlp/. Please treat this document in accordance with the TLP assigned.


Description

CVE ID: CVE-2026-20131
Published: 2026-03-04
Vendor: Cisco
Product: Secure Firewall Management Center (FMC)
CVSS Score: 10.0 [1]

Products Affected

Product: Cisco Secure Firewall Management Center (FMC)

Version 6.4.0.13 before 7.0.9
Version 7.0.0 before 7.0.9
Version 7.1.0 before 7.2.11
Version 7.3.0 before 7.4.6
Version 7.6.0 before 7.6.5
Version 7.7.0 before 7.7.12
Version 10.0.0 before 10.0.1

[1] https://www.first.org/cvss/
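The affected-version table is the first thing a defender has to apply to their own inventory, and "X before Y" ranges are easy to get wrong when versions are compared as strings. The following is an added example, not part of the NCSC advisory or any Cisco tooling: the range table is transcribed from the Products Affected list above; the function names and the sample inventory are assumptions of the example. It compares dotted versions numerically and reports versions outside every listed range as "not in a listed range" rather than "safe", since the advisory only enumerates the ranges it names.

```python
"""Check Cisco FMC version strings against the affected ranges in the NCSC
advisory for CVE-2026-20131.

Added example: the range table below is transcribed from the advisory's
Products Affected list; the function names and the sample inventory are
assumptions of this example, not something the advisory provides.
"""
from __future__ import annotations

# (first affected, first fixed) pairs from the advisory; "X before Y" is read
# as X <= version < Y, so the "fixed" version itself is not affected.
AFFECTED_RANGES: list[tuple[str, str]] = [
    ("6.4.0.13", "7.0.9"),
    ("7.0.0", "7.0.9"),
    ("7.1.0", "7.2.11"),
    ("7.3.0", "7.4.6"),
    ("7.6.0", "7.6.5"),
    ("7.7.0", "7.7.12"),
    ("10.0.0", "10.0.1"),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Convert '7.4.2' to (7, 4, 2) so comparisons are numeric per component;
    a plain string compare would wrongly put '7.10.0' before '7.9.0'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def matching_range(version: str) -> tuple[str, str] | None:
    """Return the (first affected, first fixed) pair containing `version`,
    or None when no listed range covers it."""
    ver = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= ver < parse_version(hi):
            return (lo, hi)
    return None


def is_affected(version: str) -> bool:
    return matching_range(version) is not None


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map appliance name -> one-line verdict for an inventory of
    {name: running version}.  A version outside every listed range is
    reported as 'not in a listed range' rather than 'safe', because the
    advisory only enumerates the ranges it names."""
    verdicts: dict[str, str] = {}
    for name, version in inventory.items():
        hit = matching_range(version)
        if hit is None:
            verdicts[name] = f"{version}: not in a listed range"
        else:
            verdicts[name] = f"{version}: AFFECTED, first fixed release {hit[1]}"
    return verdicts


# Constructed sample inventory (appliance names and versions are made up).
SAMPLE_INVENTORY = {
    "fmc-dc1": "7.4.2",
    "fmc-dc2": "7.4.6",
    "fmc-lab": "6.4.0.13",
    "fmc-old": "6.4.0.12",
    "fmc-new": "10.0.1",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```

Feed `triage()` the versions reported by each FMC appliance; anything marked AFFECTED is in scope for the emergency patch priority the advisory calls for, and the "first fixed release" value tells you the minimum target version for that branch.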


Impact

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
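The impact text gives defenders two concrete facts to work with: the flaw is reached by sending a serialized Java object to the web-based management interface, and exposure is lower when that interface is not internet-reachable. The following is an added example, not part of the NCSC advisory or of any Cisco product: a small triage pass over constructed web-access records that flags request bodies carrying a Java serialization stream header and rates the finding higher when the client address is outside the internal management network. The record format, field names, paths, sample data and the assumption that the management network uses RFC 1918 space are all assumptions of the example.

```python
"""Triage constructed web-access records for a firewall management interface:
flag request bodies that carry a Java serialization stream and rate the finding
higher when the client address is outside the internal management network.

Added example, not part of the advisory.  The record format, field names,
paths and sample data are assumptions of this example; the only facts taken
from the advisory are that the flaw is reached by sending a serialized Java
object to the management interface and that exposure is lower when that
interface is not internet-reachable.
"""
from __future__ import annotations

import base64
import ipaddress

# Java serialization stream header (STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005),
# raw and as the stable prefix of its base64 encoding ("rO0AB...").
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
JAVA_SER_MAGIC_B64 = base64.b64encode(JAVA_SER_MAGIC)[:5]  # b"rO0AB"

# Assumption: the management network lives in RFC 1918 space.  ipaddress's
# is_private is deliberately not used because it also treats documentation
# ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def body_has_java_stream(body: bytes) -> bool:
    """True if a raw or base64-encoded Java serialization header appears in the
    body.  Serialized objects can be legitimate in some management traffic, so
    a hit is a triage signal to review, not proof of exploitation."""
    return JAVA_SER_MAGIC in body or JAVA_SER_MAGIC_B64 in body


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def rate_record(rec: dict) -> dict | None:
    """Return a finding for one access record, or None if nothing to flag.
    An external source delivering a serialized object to the interface is the
    exposure the advisory singles out, so it gets the higher severity."""
    if not body_has_java_stream(rec["body"]):
        return None
    severity = "medium" if is_internal(rec["src_ip"]) else "high"
    return {"src_ip": rec["src_ip"], "path": rec["path"], "severity": severity}


def triage(records: list[dict]) -> list[dict]:
    findings = []
    for rec in records:
        finding = rate_record(rec)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample records; addresses, paths and bodies are invented.
SAMPLE_RECORDS = [
    {"src_ip": "10.20.30.40", "path": "/example/login",
     "body": b"user=alice&pass=REDACTED"},
    {"src_ip": "203.0.113.7", "path": "/example/endpoint",
     "body": b"\xac\xed\x00\x05sr\x00" + b"A" * 16},
    {"src_ip": "192.168.1.9", "path": "/example/upload",
     "body": b"data=rO0ABQ" + base64.b64encode(b"B" * 12)},
    {"src_ip": "198.51.100.23", "path": "/example/api",
     "body": b'{"status":"ok"}'},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f"{f['severity'].upper()}: serialized Java object from {f['src_ip']} to {f['path']}")
```

Any "high" finding is direct evidence that the management interface is reachable from outside the internal network, which is the condition the advisory says should be removed first; a "medium" finding still warrants a look at the source host, since the advisory describes the same payload being usable from any network position that can reach the interface.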

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data [2]

Known Exploited Vulnerability (KEV) catalog: Yes [3]

Used by Ransomware Operators: Yes

Recommendations

The NCSC strongly recommends installing updates for vulnerable systems with the highest priority, after thorough testing. Affected organisations should review the latest release notes and install the relevant updates from Cisco.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-20131
https://www.cve.org/CVERecord?id=CVE-2026-20131
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20131

[2] https://cwe.mitre.org
[3] https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Tom Johnson House, Beggar's Bush, Dublin 4, Ireland, D04 K7X4
T +353 (0)1 678 2333 E info@ncsc.gov.ie
ncsc.gov.ie


About this page


What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from NCSC.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.


Classification

Agency: NCSC
Published: April 2nd, 2026
Instrument: Guidance
Branch: Executive
Legal weight: Non-binding
Stage: Final
Change scope: Substantive

Who this affects

Applies to: Manufacturers, Government agencies
Industry sector: 5112 Software & Technology
Activity scope: Vulnerability remediation, Network security patching, Security operations
Geographic scope: Ireland (IE)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Sanctions
