What is the CVSS score of CVE-2026-20131?

CVE-2026-20131 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of Java are affected by CVE-2026-20131?

A critical vulnerability (CVSS 10.0) in Cisco Secure Firewall Management Center allows unauthenticated remote attackers to execute arbitrary code with root privileges.

Is there a public PoC exploit available for CVE-2026-20131?

Yes, a public proof-of-concept exploit is available for CVE-2026-20131. Prioritise patching immediately. EPSS: 0.6%.

Java CVE-2026-20131

CRITICAL

Deserialization of Untrusted Data (CWE-502)

2026-03-04 [email protected]

Cisco Java Deserialization RCE

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

Mar 25, 2026 - 17:39 cisa

CISA KEV

PoC Detected

Mar 25, 2026 - 17:39 vuln.today

Public exploit code

Government Alert

Mar 25, 2026 - 17:39 cert

Government exploitation alert

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 04, 2026 - 18:16 nvd

CRITICAL 10.0

DescriptionNVD

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

AnalysisAI

Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.

RemediationAI

Within 24 hours: Isolate affected FMC instances from untrusted networks and restrict management interface access to authorized IP ranges only. Within 7 days: Implement network segmentation to limit FMC exposure and conduct forensic review of access logs for exploitation attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory