Critical Vulnerability in Cisco Secure Firewall Management Center Allows Remote Code Execution
Cisco has recently identified a critical security vulnerability in its Secure Firewall Management Center (FMC) software, designated as CVE-2026-20131. This flaw enables unauthenticated, remote attackers to execute arbitrary Java code with root-level privileges on affected devices. The vulnerability arises from insecure deserialization of user-supplied Java byte streams within the web-based management interface. By sending a specially crafted serialized Java object to this interface, an attacker can exploit the flaw to gain complete control over the system. This issue affects all configurations of Cisco Secure FMC Software and Cisco Security Cloud Control (SCC) Firewall Management. Cisco has released software updates to address this vulnerability and strongly advises organizations to apply these updates promptly to secure their network infrastructure. ([cisco.com](https://www.cisco.com/content/en/us/support/docs/csa/cisco-sa-fmc-rce-NKhnULJh.html))
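For detection alongside patching, the sketch below flags Java serialized object streams in request bodies captured in front of a management interface. It is an added example, not code from Cisco or its advisory. It assumes decrypted bodies are available (for instance from a TLS-terminating proxy); the function names are hypothetical, and the page does not say where in a request the object is carried, so the scan covers both raw and base64 encodings.

```python
import base64
import re
import struct

MAGIC = b"\xac\xed\x00\x05"   # STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
B64_MAGIC = re.compile(rb"rO0AB[A-Za-z0-9+/]*")  # the same header, base64-encoded
TC_BASE, TC_MAX = 0x70, 0x7E  # only these type codes may follow the header
OBJECT_CLASSDESC = b"\x73\x72"  # TC_OBJECT, TC_CLASSDESC


def inspect_stream(stream: bytes):
    """Return details if `stream` begins with a plausible serialized object."""
    if len(stream) < 5 or not stream.startswith(MAGIC):
        return None
    if not TC_BASE <= stream[4] <= TC_MAX:
        return None  # magic bytes occurred by chance in binary data
    outer_class = None
    if stream[4:6] == OBJECT_CLASSDESC and len(stream) >= 8:
        (length,) = struct.unpack(">H", stream[6:8])
        name = stream[8:8 + length]
        if len(name) == length:
            outer_class = name.decode("utf-8", "replace")
    return {"tag": hex(stream[4]), "outer_class": outer_class}


def find_java_streams(body: bytes):
    """Scan one request body for raw or base64-encoded Java object streams."""
    findings = []
    pos = body.find(MAGIC)
    while pos != -1:
        hit = inspect_stream(body[pos:])
        if hit:
            findings.append({"encoding": "raw", "offset": pos, **hit})
        pos = body.find(MAGIC, pos + 1)
    for m in B64_MAGIC.finditer(body):
        token = m.group()
        # Decode whole 4-character groups only; the header needs just 8 chars.
        decoded = base64.b64decode(token[: len(token) // 4 * 4])
        hit = inspect_stream(decoded)
        if hit:
            findings.append({"encoding": "base64", "offset": m.start(), **hit})
    return findings


# Constructed sample: header of a harmless serialized java.util.HashMap.
SAMPLE = MAGIC + OBJECT_CLASSDESC + struct.pack(">H", 17) + b"java.util.HashMap" + bytes(8)

if __name__ == "__main__":
    print(find_java_streams(b"POST body " + SAMPLE))
    print(find_java_streams(b"data=" + base64.b64encode(SAMPLE)))
```

The outer class name is context for triage, not a verdict: any serialized object arriving at an interface that should not receive one is worth alerting on.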