CVE-2026-20131
Received - Intake
Insecure Deserialization in Cisco FMC Enables Root Code Execution

Publication date: 2026-03-04

Last updated on: 2026-03-25

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
Meta Information
Published: 2026-03-04
Last Modified: 2026-03-25
Generated: 2026-05-07
AI Q&A: 2026-03-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 71 associated CPEs
Vendor Product Version / Range
cisco secure_firewall_management_center 7.2.5.2
cisco secure_firewall_management_center 7.2.5.1
cisco secure_firewall_management_center 7.2.5
cisco secure_firewall_management_center 7.2.4.1
cisco secure_firewall_management_center 7.2.4
cisco secure_firewall_management_center 7.2.3.1
cisco secure_firewall_management_center 7.2.3
cisco secure_firewall_management_center 7.2.2
cisco secure_firewall_management_center 7.2.1
cisco secure_firewall_management_center 7.2.0.1
cisco secure_firewall_management_center 7.2.0
cisco secure_firewall_management_center 7.1.0.3
cisco secure_firewall_management_center 7.1.0.2
cisco secure_firewall_management_center 7.1.0.1
cisco secure_firewall_management_center 7.1.0
cisco secure_firewall_management_center 7.4.1.1
cisco secure_firewall_management_center 7.4.1
cisco secure_firewall_management_center 7.4.0
cisco secure_firewall_management_center 7.3.1.2
cisco secure_firewall_management_center 7.3.1.1
cisco secure_firewall_management_center 7.3.1
cisco secure_firewall_management_center 7.3.0
cisco secure_firewall_management_center 7.0.6.1
cisco secure_firewall_management_center 7.0.6
cisco secure_firewall_management_center 7.0.5
cisco secure_firewall_management_center 7.0.4
cisco secure_firewall_management_center 7.0.3
cisco secure_firewall_management_center 7.0.2.1
cisco secure_firewall_management_center 7.0.2
cisco secure_firewall_management_center 7.0.1.1
cisco secure_firewall_management_center 7.0.1
cisco secure_firewall_management_center 7.0.0.1
cisco secure_firewall_management_center 7.0.0
cisco secure_firewall_management_center 6.4.0.17
cisco secure_firewall_management_center 6.4.0.16
cisco secure_firewall_management_center 6.4.0.15
cisco secure_firewall_management_center 6.4.0.14
cisco secure_firewall_management_center 6.4.0.13
cisco secure_firewall_management_center 7.2.8.1
cisco secure_firewall_management_center 7.2.8
cisco secure_firewall_management_center 7.2.7
cisco secure_firewall_management_center 7.2.6
cisco secure_firewall_management_center 7.0.6.2
cisco secure_firewall_management_center 6.4.0.18
cisco secure_firewall_management_center 7.4.2
cisco secure_firewall_management_center 7.0.6.3
cisco secure_firewall_management_center 7.0.7
cisco secure_firewall_management_center 7.7.0
cisco secure_firewall_management_center 7.2.9
cisco secure_firewall_management_center 7.4.2.1
cisco secure_firewall_management_center 7.6.0
cisco secure_firewall_management_center 7.4.2.2
cisco secure_firewall_management_center 10.0.0
cisco secure_firewall_management_center 7.0.8
cisco secure_firewall_management_center 7.0.8.1
cisco secure_firewall_management_center 7.2.10
cisco secure_firewall_management_center 7.2.10.1
cisco secure_firewall_management_center 7.2.10.2
cisco secure_firewall_management_center 7.4.2.3
cisco secure_firewall_management_center 7.4.2.4
cisco secure_firewall_management_center 7.4.3
cisco secure_firewall_management_center 7.4.4
cisco secure_firewall_management_center 7.4.5
cisco secure_firewall_management_center 7.6.1
cisco secure_firewall_management_center 7.6.2
cisco secure_firewall_management_center 7.6.2.1
cisco secure_firewall_management_center 7.6.3
cisco secure_firewall_management_center 7.6.4
cisco secure_firewall_management_center 7.7.10
cisco secure_firewall_management_center 7.7.10.1
cisco secure_firewall_management_center 7.7.11
CWE
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

There are no workarounds available to mitigate this vulnerability.

Cisco strongly recommends upgrading to fixed software releases to address this critical remote code execution vulnerability.

If the FMC management interface does not have public internet access, the attack surface is reduced, but this is not a full mitigation.

Customers should obtain fixed software through Cisco or authorized channels and ensure compatibility with existing hardware and configurations.


Can you explain this vulnerability to me?

CVE-2026-20131 is a critical vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software. It occurs due to insecure deserialization of user-supplied Java byte streams, which allows an unauthenticated remote attacker to send specially crafted serialized Java objects to the interface.

If exploited successfully, this vulnerability enables the attacker to execute arbitrary Java code with root privileges on the affected device, leading to full system compromise.


How can this vulnerability impact me?

This vulnerability can have severe impacts including complete compromise of the affected device. An attacker can remotely execute arbitrary code as root without any authentication, which means they can take full control over the system.

  • Full system compromise with root privileges.
  • Complete loss of confidentiality, integrity, and availability of the device.
  • Potential disruption of firewall management and security operations.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Cisco provides a Software Checker tool to help customers identify vulnerable software versions and the earliest fixed releases of Cisco Secure Firewall Management Center (FMC) Software.

Since the vulnerability arises from insecure deserialization in the web-based management interface, detection involves verifying the software version against known vulnerable versions using Cisco's provided tools.

No specific network or system commands are provided in the available resources to detect exploitation attempts or presence of the vulnerability. [1]

