Cisco Secure Firewall Management Center (FMC) authentication bypass and RCE flaws (multiple vulnerabilities)
Vulnerability
Summary
Cisco Secure Firewall Management Center (FMC) has two maximum-severity flaws, CVE-2026-20079 and CVE-2026-20131, that can let unauthenticated attackers take over unpatched devices. One flaw can yield root access through crafted HTTP requests, and the other can execute arbitrary Java code as root via a crafted serialized Java object sent to the web-based management interface. Cisco released security updates on March 4. The impact is significant because FMC is the administrative nerve center for firewall policy and protection controls. CISA later added CVE-2026-20131 to the KEV catalog and ordered federal civilian agencies to patch it quickly after reports of active exploitation and use in ransomware campaigns.
Cases
Related Happenings
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/Service
First: 12.05.2026 09:55
Last: 12.05.2026 09:55
Sources 1
About this happening:
OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
Popular open-source web-based system administration tool zero-day 2FA-bypass security flaw
Vulnerability
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day** in a **popular open-source web-based system administration tool** created a **2FA-bypass** risk before the flaw was closed by the vendor. **GTIG** said...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
First: 07.05.2026 13:57
Last: 07.05.2026 13:57
Sources 1
About this happening:
**CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
Trellix hit by network compromise
Incident
First: 02.05.2026 09:41
Last: 02.05.2026 09:41
Sources 1
About this happening:
**Trellix** confirmed a **breach** that gave attackers **unauthorized access** to a **portion of its source code**, creating potential security and intellectual-property risk. The...
Latest development: 08.05.2026 16:23
RansomHouse claimed responsibility for the Trellix source code repository breach, posted screenshots from Trellix's appliance management system as proof, and said the intrusion occurred on April 17 and resulted in data encryption.
Federal civilian executive branch agency hit by network compromise
Incident
First: 24.04.2026 23:34
Last: 24.04.2026 23:34
Sources 1
About this happening:
A **federal civilian executive branch agency** was compromised in an **early September 2025** intrusion that left attackers with persistent access on **Cisco Firepower** and **Sec...
Timeline
- 20.03.2026 17:09 · 2 articles · 2mo ago
CISA orders FCEB agencies to patch Cisco FMC CVE-2026-20131
Legal Policy Action Update
CISA ordered Federal Civilian Executive Branch agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22, after Cisco and Amazon threat intelligence reported active exploitation. Cisco updated its bulletin on March 18 to warn that the vulnerability in the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root, and CISA added the CVE to its KEV catalog as known to be used in ransomware campaigns.
Sources:
- CISA orders feds to patch max-severity Cisco flaw by Sunday — www.bleepingcomputer.com — 20.03.2026 17:09
- CISA Orders US Government to Patch Maximum Severity Cisco Flaw — www.infosecurity-magazine.com — 23.03.2026 12:30
- 04.03.2026 21:12 · 1 article · 2mo ago
Cisco releases Secure Firewall Management Center patches for two maximum-severity flaws
Mitigation Patch Update
Cisco released security updates for Secure Firewall Management Center (FMC) on 2026-03-04 to fix two maximum-severity vulnerabilities, CVE-2026-20079 and CVE-2026-20131. CVE-2026-20079 can let unauthenticated remote attackers gain root access through crafted HTTP requests, while CVE-2026-20131 can let them execute arbitrary Java code as root through a crafted serialized Java object; CVE-2026-20131 also affects Cisco Security Cloud Control (SCC) Firewall Management. Cisco Product Security Incident Response Team (PSIRT) says there is no evidence of exploitation or public proof-of-concept code.
Sources:
- Cisco warns of max severity Secure FMC flaws giving root access — www.bleepingcomputer.com — 04.03.2026 21:12