securityaffairs.com 3/19/2026, 6:06:21 PM · via preferred

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

CyberSIXT Evidence Panel
Primary source: cisa.gov
CISA KEV: listed
Patch: available

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is tracked as CVE-2026-20131 and has a CVSS score of 10.0.

The vulnerability resides in FMC’s web-based management interface and could allow an unauthenticated, remote attacker to execute arbitrary Java code as root by exploiting insecure deserialization of a crafted Java object. Interlock ransomware operators have been exploiting the flaw as a zero-day since late January 2026, with activity first observed on 26 January 2026. Cisco addressed the flaw in early March 2026.

The advisory notes that a successful exploit could enable arbitrary code execution and privilege escalation on affected devices. CISA has required Federal Civilian Executive Branch (FCEB) agencies to address the vulnerability by 22 March 2026 to protect their networks from attacks leveraging the flaw.

Article by CyberSIXT