CVE-2026-20131
Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
In short
A flaw in Cisco Secure Firewall Management Center allows anyone on the network to send a specially crafted message that makes the device run malicious code with full administrator privileges, without needing to log in first.
Technical detail
Insecure deserialization of untrusted Java objects in the web-based management interface permits unauthenticated remote code execution as root. An attacker sends a crafted serialized Java byte stream to trigger arbitrary command execution; exposure is reduced if the management interface lacks public internet routing.
Summary generated and translated by AI from the official description.
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root.
Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Cisco · Cisco Secure Firewall Management Center (FMC)public PoCs found — 1
githubgithub.com/0xBlackash/CVE-2026-20131★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://aws.amazon.com/blogs/security/amazon-threat-intelligence-teams-identify-interlock-ransomware-campaign-targeting-enterprise-firewalls/https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJhhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20131