CVE-2026-20131 – Cisco Secure Firewall – Critical RCE and Active Exploitation
“When your firewall can be taken over, your entire network becomes exposed.”
Cisco Secure Firewall patched two critical vulnerabilities that allow attackers to execute arbitrary code and fully compromise affected systems. These issues impact core firewall functionality, putting network boundaries, traffic inspection, and security enforcement at immediate risk.
CVE-2026-20079 has a CVSS score of 10.0, which is Critical severity. CVE-2026-20131 has a CVSS score of 10.0, which is Critical severity. These vulnerabilities require urgent attention due to their maximum severity and the potential for complete system takeover.
CVE-2026-20131 is confirmed to be actively exploited in the wild, significantly increasing the urgency for remediation. The patch addresses unsafe input handling and strengthens system protections to prevent remote code execution and unauthorized control.
Key Details
- Affected Product
- Cisco Secure Firewall Management Center
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-502