www.cisa.gov 3/19/2026, 6:28:28 PM · via preferred

CISA Adds CVE-2026-20131 to Known Exploited Vulnerabilities Catalogue

CyberSIXT Evidence Panel
Primary Source: nvd.nist.gov
CISA KEV: Listed in KEV
Patch: Patch Available

According to Cisco, the Known Exploited Vulnerabilities (KEV) catalog lists CVE-2026-20131 as a deserialization of untrusted data vulnerability affecting Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management. It could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. The entry lists CWE-502 as the related CWE and marks the vulnerability as known to be used in ransomware campaigns.

The entry was added on 2026-03-19, with a due date of 2026-03-22. The action recommended in the KEV entry is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Additional links include the Cisco Security Advisory and the NVD entry for CVE-2026-20131. This KEV listing emphasises prioritising vulnerability management and keeping pace with threat activity to defend networks.

View Primary Source Via www.cisa.gov

Article by CyberSIXT
