Serial number: AV26-197
Date: March 5, 2026
Updated: March 19, 2026
On March 4, 2026, Cisco published security advisories to address vulnerabilities in the following products. Included were critical updates for the following:
- Cisco Security Cloud Control (SCC) Firewall Management – all versions
- Cisco Secure Firewall Management Center (FMC) – all versions
- Cisco Secure Firewall Adaptive Security Appliance (ASA) – versions prior to 9.20.4.14
- Cisco Secure Firewall Threat Defense (FTD) – all versions
Update 1
On March 18, 2026, Cisco stated that CVE-2026-20131 is being actively exploited.
Update 2
On March 19, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20131 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.
- Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability
- Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
- Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability
- Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability
- Cisco Security Advisories
- CISA KEV: CVE-2026-20131