Cisco Firewall Management Flaw Scores Perfect 10 — Patch Immediately

A maximum-severity vulnerability in Cisco Secure Firewall Management Center (FMC) is being actively exploited in the wild, and CISA has added it to the Known Exploited Vulnerabilities catalog. If your organisation uses Cisco firewalls, this one demands immediate attention.

As reported by Abstract Security, CVE-2026-20131 carries a CVSS score of 10.0 — the maximum possible. The flaw sits in the web-based management interface of Cisco FMC and stems from insecure deserialisation of Java objects. An unauthenticated attacker can send a single crafted request to execute arbitrary code and gain root-level access to the management platform. No credentials required.

That matters because FMC is the central brain for Cisco firewall deployments. Whoever controls it controls your firewall policies, security rules, and network access. Both on-premises FMC software and Cisco Security Cloud Control deployments are affected. AWS threat intelligence teams observed exploitation activity as early as January 2026, well before Cisco publicly disclosed the flaw in March. The Interlock ransomware group has been linked to active exploitation campaigns targeting this vulnerability.

Here is what to do right now: check your Cisco FMC version under System → Information → Version. Use Cisco’s Software Checker to identify the patched release for your version. Apply the update immediately. While you are at it, make sure your FMC management interface is not exposed to the internet — it should only be accessible from your internal network. Review access logs for any unusual activity, and rotate any credentials that may have been accessible through the management console.

If your IT team needs help assessing whether your Cisco environment is affected, All IT Services can run a vulnerability assessment and ensure your firewall management is properly secured.