CVE-2026-20131 - Vulnerability Analysis
Critical | CVSS: 10.0 | Last Updated: March 4, 2026
Cisco Secure Firewall Management Center - Remote Code Execution & Privilege Escalation
Published: March 4, 2026 | Updated: March 4, 2026 | Remote Exploitable
Overview
Cisco Secure Firewall Management Center contains an insecure deserialization vulnerability caused by processing user-supplied Java byte streams in the web-based management interface. It lets unauthenticated remote attackers execute arbitrary Java code as root. Exploitation requires access to the management interface.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Unauthenticated remote attackers can execute arbitrary code as root, leading to full system compromise.
Mitigation
Update to the latest available version of Cisco Secure Firewall Management Center.
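While patching is scheduled, captured request bodies sent to the management interface can be checked for the Java byte streams described in the Overview. The following is an added detection example, not part of the original advisory and not Cisco code. The advisory does not say how the stream is delivered, so the raw and base64 forms, the function name and the sample bodies are assumptions.

```python
import base64
import re

# Java Object Serialization Stream header: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
JAVA_MAGIC = b"\xac\xed\x00\x05"
# Those bytes base64-encode to a run starting "rO0AB"; require 8 characters so a
# 6-byte prefix can be decoded and the full header confirmed.
B64_CANDIDATE = re.compile(rb"rO0AB[A-Za-z0-9+/_-]{3,}")

# Constructed samples (not from the advisory): a serialized java.lang.String
# "hello" (TC_STRING 0x74, length 5), sent raw and base64-encoded.
SAMPLE_STREAM = JAVA_MAGIC + b"\x74\x00\x05hello"
SAMPLE_RAW_BODY = b"--b\r\n\r\n" + SAMPLE_STREAM
SAMPLE_B64_BODY = b"data=" + base64.b64encode(SAMPLE_STREAM)
# Constructed look-alike: starts with "rO0AB" but decodes to version 0x0004.
SAMPLE_BENIGN_BODY = b'{"name":"rO0ABAAA"}'


def find_java_streams(body: bytes) -> list[tuple[str, int]]:
    """Return (encoding, offset) for every Java serialization header in body."""
    hits = []
    # Raw header anywhere in the body (multipart parts, binary POSTs).
    pos = body.find(JAVA_MAGIC)
    while pos != -1:
        hits.append(("raw", pos))
        pos = body.find(JAVA_MAGIC, pos + 1)
    # Base64 candidates, standard or URL-safe alphabet. Decoding the first
    # 8 characters filters strings that merely begin with "rO0AB".
    for m in B64_CANDIDATE.finditer(body):
        prefix = m.group()[:8].replace(b"-", b"+").replace(b"_", b"/")
        if base64.b64decode(prefix).startswith(JAVA_MAGIC):
            hits.append(("base64", m.start()))
    return hits


if __name__ == "__main__":
    for name, body in [("raw", SAMPLE_RAW_BODY), ("base64", SAMPLE_B64_BODY),
                       ("benign", SAMPLE_BENIGN_BODY)]:
        print(name, find_java_streams(body))
```

A hit only shows that a serialized Java object was submitted; it is a triage signal for requests reaching the management interface, not proof of exploitation.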
Details
- CVE ID: CVE-2026-20131
- Severity: Critical
- CVSS Score: 10.0
- Type: insecure_deserialization
- Status: new
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H