2026-03-26 · security
Federal agencies have been directed to immediately patch a critical remote code execution (RCE) flaw in Cisco Secure Firewall Management Center. The vulnerability, tracked as CVE-2026-20131, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog with a 72-hour remediation window.
With a perfect 10.0 CVSS score, this flaw allows unauthenticated attackers to execute arbitrary code on the management console. It is currently being exploited in the wild to exfiltrate sensitive configuration data from government and enterprise networks.
Organizations must verify that their Firewall Management Center is running the latest security patch. CISA also recommends limiting management console access to trusted internal IP ranges only, further reducing the exposure to external scanners.
Read Original Post →