CVE-2026-20131

CRITICAL

Cisco FMC - Deserialization

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Exploits (3)

github TROJAN 10 stars
by XiaomingX · pythonpoc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-20131
nomisec SCANNER
by Sushilsin · poc
https://github.com/Sushilsin/CVE-2026-20131
nomisec TROJAN
by p3Nt3st3r-sTAr · poc
https://github.com/p3Nt3st3r-sTAr/CVE-2026-20131-POC

References (1)

Scores

CVSS v3 10.0
EPSS 0.0044
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-502
Status draft

Timeline

Published Mar 04, 2026
Tracked Since Mar 05, 2026