Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco Secure Firewall Management Center (FMC) patch release for CVE-2026-20131 and CVE-2026-20079 addressed CVSS 10 flaws that could let an unauthenticated remote attacker gain root or execute arbitrary code on affected devices. Cisco patched the issues on March 4, and later reporting said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day for months, prompting CISA to order federal civilian agencies to patch by March 22.
Cases
Related Happenings
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/Mitigation
H score35
First: 15.06.2026 09:17
Last: 15.06.2026 09:17
Sources 1
About this happening:
Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/MitigationAbout this happening: Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Check Point VPN CVE-2026-50751 targeted exploitation wave
Exploitation Wave
H score47
First: 08.06.2026 17:17
Last: 08.06.2026 17:17
Sources 1
About this happening:
**CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...
Check Point VPN CVE-2026-50751 targeted exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...
Check Point security patch release for CVE-2026-50751
Security Patch Release
H score48
First: 08.06.2026 16:05
Last: 08.06.2026 16:05
Sources 1
About this happening:
**Check Point** released **security updates** to patch **CVE-2026-50751** in **Remote Access VPN** and **Mobile Access** deployments. The update addressed a **critical authenticat...
Check Point security patch release for CVE-2026-50751
Security Patch ReleaseAbout this happening: **Check Point** released **security updates** to patch **CVE-2026-50751** in **Remote Access VPN** and **Mobile Access** deployments. The update addressed a **critical authenticat...
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch Release
H score56
First: 04.06.2026 14:09
Last: 04.06.2026 14:09
Sources 1
About this happening:
Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch ReleaseAbout this happening: Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
Timeline
-
20.03.2026 17:09 1 articles · 3mo ago
CISA orders patching of Cisco FMC CVE-2026-20131
Legal Policy Action UpdateCISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.
Show sources
- CISA orders feds to patch max-severity Cisco flaw by Sunday — www.bleepingcomputer.com — 20.03.2026 17:09
-
05.03.2026 12:30 2 articles · 4mo ago
Cisco releases patches for 48 Secure Firewall vulnerabilities
Mitigation Patch UpdateCisco released 25 joint security advisories on March 4, 2026 covering security patches for 48 vulnerabilities across Cisco Secure Firewall Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Secure Firewall Threat Defense (FTD). The bundle includes CVE-2026-20079 and CVE-2026-20131, both CVSS 10 flaws in Cisco Secure FMC software; Cisco said there are no workarounds and urged customers to upgrade to the fixed software indicated in the advisories.
Show sources
- Cisco Issues Patches for 48 Vulnerabilities in Enterprise Networking Products — www.infosecurity-magazine.com — 05.03.2026 12:30
- Ransomware gang exploits Cisco flaw in zero-day attacks since January — www.bleepingcomputer.com — 18.03.2026 18:53
-
04.03.2026 21:12 2 articles · 4mo ago
Cisco releases Secure Firewall Management Center security updates
Mitigation Patch UpdateCisco released security updates for Secure Firewall Management Center (FMC) to address CVE-2026-20079 and CVE-2026-20131, two maximum-severity flaws that unauthenticated remote attackers could exploit to gain root access or execute arbitrary Java code as root on unpatched devices. Cisco Security Cloud Control (SCC) Firewall Management is also affected by CVE-2026-20131, and Cisco PSIRT says there is no evidence of exploitation or published PoC code.
Show sources
- Cisco warns of max severity Secure FMC flaws giving root access — www.bleepingcomputer.com — 04.03.2026 21:12
- CISA Orders US Government to Patch Maximum Severity Cisco Flaw — www.infosecurity-magazine.com — 23.03.2026 12:30