216.73.217.22

CVE-2026-20131

· Published 04/03/2026 19:16 · Modified 14/04/2026 11:20 · Author: The MITRE Corporation

Labels: CVE-2026-20131 2026-03-04CVE-2026-20131CWE-502[email protected]

Essential information

Published
04/03/2026 19:16
Modified
14/04/2026 11:20
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
10.0 CRITICAL (v3.1)
CISA KEV
Yes
CWE
CWE-502
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / cisco secure firewall management center cpe:2.3:a:cisco:cisco_secure_firewall_management_center:*:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (2)