Cisco FMC Zero-Day CVE-2026-20131 Exploited by Interlock Ransomware: What Network Security Engineers Must Do Now

CVE-2026-20131 is a CVSS 10.0 critical vulnerability in Cisco Secure Firewall Management Center (FMC) that allows unauthenticated remote attackers to execute arbitrary code as root through an insecure deserialization flaw in the web management interface. The Interlock ransomware group exploited it as a zero-day for 36 days before Cisco disclosed and patched it on March 4, 2026. If you run FMC to manage your FTD firewalls, stop reading and patch now — then come back. ...

March 21, 2026 · 12:40 AM MST · Security

Cisco Patches 48 ASA, FTD, and FMC Vulnerabilities in March 2026: What CCIE Security Candidates Must Know

Cisco dropped one of its largest security patch bundles in recent memory on March 4, 2026 — 25 advisories covering 48 vulnerabilities across Secure Firewall ASA, Secure FTD, and Secure FMC. Two of those flaws score a perfect CVSS 10.0. If you’re studying for CCIE Security, these are the exact platforms you’ll face on exam day, and understanding how they break is just as important as knowing how to configure them. ...

March 5, 2026 · 9:59 AM MST · Security