Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
First reported
Last updated
Happening score
H score 58
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered federal civilian agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) within three days or discontinue use if mitigations are unavailable. The directive responds to an actively exploited critical RCE that can let an unauthenticated attacker run code as root on affected devices. CISA placed the vulnerability in its KEV catalog on Thursday 19 March, signaling urgent exposure across government deployments.

Cases

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

About this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...

CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM

Public Sector Action
H score46 First: 26.06.2026 15:31 Last: 26.06.2026 15:31 Sources 1

About this happening: CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...

CISA KEV remediation order for CVE-2026-48907

Public Sector Action
H score89 First: 17.06.2026 08:50 Last: 17.06.2026 08:50 Sources 1

About this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...

CISA adds CVE-2026-20262 to KEV and orders federal fixes

Public Sector Action
H score32 First: 16.06.2026 09:05 Last: 16.06.2026 09:05 Sources 1

About this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...

CISA KEV update and FCEB remediation deadline

Public Sector Action
H score33 First: 10.06.2026 17:44 Last: 10.06.2026 17:44 Sources 1

About this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...

Timeline

  1. 23.03.2026 12:30 1 articles · 3mo ago

    Interlock exploits Cisco FMC CVE-2026-20131

    Exploitation Observed

    Interlock ransomware actors are reported to have exploited CVE-2026-20131 in attacks against Cisco Secure Firewall Management Center (FMC) starting January 26, using the web-based management interface to gain initial access before post-exploitation activity.

    Show sources
  2. 23.03.2026 12:30 1 articles · 3mo ago

    Cisco patches CVE-2026-20131 in FMC

    Mitigation Patch Update

    Cisco patches the critical unauthenticated remote code execution flaw in Cisco Secure Firewall Management Center (FMC) on March 4 after reports that the Interlock ransomware group had been exploiting it as a zero day for several months.

    Show sources
  3. 23.03.2026 12:30 2 articles · 3mo ago

    CISA adds CVE-2026-20131 to KEV

    Legal Policy Action Update

    CISA adds CVE-2026-20131 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday 19 March and gives federal civilian agencies three days to patch Cisco Secure Firewall Management Center (FMC) or discontinue use if mitigations are unavailable, warning that the CVE is known to be used in ransomware campaigns.

    Show sources
  4. 23.03.2026 12:30 1 articles · 3mo ago

    CISA urgent patch order for federal civilian agencies

    Initial Disclosure

    CISA tells federal civilian agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) after the flaw is described as a critical remote code execution issue that can let an unauthenticated remote attacker execute arbitrary Java code as root on an affected device.

    Show sources