Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
First reported
Last updated
Happening score
H score 60
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered federal civilian agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) within three days or discontinue use if mitigations are unavailable. The directive responds to an actively exploited critical RCE that can let an unauthenticated attacker run code as root on affected devices. CISA placed the vulnerability in its KEV catalog on Thursday 19 March, signaling urgent exposure across government deployments.

Cases

Cisco FMC zero-day exploitation and KEV response (4)

Related Happenings

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Open Happening

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

Open Happening

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Open Happening

Cisco security patch release for CVE-2026-20182

Security Patch Release
First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

Open Happening

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

Timeline

  1. 23.03.2026 12:30 1 articles · 2mo ago

    Interlock exploits Cisco FMC CVE-2026-20131

    Exploitation Observed

    Interlock ransomware actors are reported to have exploited CVE-2026-20131 in attacks against Cisco Secure Firewall Management Center (FMC) starting January 26, using the web-based management interface to gain initial access before post-exploitation activity.

    Show sources
    Open in new tab
  2. 23.03.2026 12:30 1 articles · 2mo ago

    Cisco patches CVE-2026-20131 in FMC

    Mitigation Patch Update

    Cisco patches the critical unauthenticated remote code execution flaw in Cisco Secure Firewall Management Center (FMC) on March 4 after reports that the Interlock ransomware group had been exploiting it as a zero day for several months.

    Show sources
    Open in new tab
  3. 23.03.2026 12:30 2 articles · 2mo ago

    CISA adds CVE-2026-20131 to KEV

    Legal Policy Action Update

    CISA adds CVE-2026-20131 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday 19 March and gives federal civilian agencies three days to patch Cisco Secure Firewall Management Center (FMC) or discontinue use if mitigations are unavailable, warning that the CVE is known to be used in ransomware campaigns.

    Show sources
    Open in new tab
  4. 23.03.2026 12:30 1 articles · 2mo ago

    CISA urgent patch order for federal civilian agencies

    Initial Disclosure

    CISA tells federal civilian agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) after the flaw is described as a critical remote code execution issue that can let an unauthenticated remote attacker execute arbitrary Java code as root on an affected device.

    Show sources
    Open in new tab