NCSC Warns Active Exploitation of Cisco Firewal...

CVSS 10.0 flaw allows unauthenticated remote code execution as root.

The NCSC issued an advisory on April 2, 2026, detailing CVE-2026-20131, a critical vulnerability (CVSS 10.0) in Cisco Secure Firewall Management Center (FMC) software. The flaw allows an unauthenticated remote attacker to execute arbitrary Java code as root via insecure deserialization of user-supplied input in the web-based management interface. The vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog and is actively used by ransomware operators. The NCSC strongly recommends installing vendor updates with the highest priority after testing.

Sources

NCSC Warns Critical Cisco FMC Flaw CVSS 10.0 Under Active Attack
