By Phil Muncaster
Publication Date: 2026-03-23 10:30:00
The US Cybersecurity and Infrastructure Security Agency (CISA) has told all federal civilian agencies to patch a critical remote code execution (RCE) vulnerability in a Cisco firewall product, as ransomware actors circle.
CVE-2026-20131 affects the web-based management interface of Cisco Secure Firewall Management Center (FMC). With a maximum CVSS score of 10, it could “allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device,” according to the vendor.
It was patched by Cisco on March 4 after reports the Interlock ransomware group had been exploiting it as a zero day for several months.
CISA added the CVE to its known exploited vulnerabilities (KEV) catalog on Thursday 19 March, giving agencies just three days to patch it or “discontinue use of the product if mitigations are unavailable.”
That’s an unusually short timeline for CISA, reflective of the urgency of the situation. The entry also has a warning note attached…
