Share
## https://sploitus.com/exploit?id=9DFEEBDB-038F-55FA-8BBD-64F3B6C29987
# ๐จ CVE-2026-20131 | Cisco FMC Critical RCE
Unauthenticated Remote Code Execution in Cisco Secure Firewall Management Center
---
## ๐ Overview
**A critical pre-authentication Java deserialization vulnerability** allowing remote attackers to achieve **root-level code execution** on Cisco FMC appliances.
---
### Key Information
| Attribute | Details |
|------------------------|----------------------------------|
| **Severity** | **Critical** |
| **CVSS Score** | **10.0** |
| **Vulnerability Type** | Java Deserialization |
| **Exploited In Wild** | Yes (Ransomware campaigns) |
| **Patch Available** | Yes |
---
## โจ Safe Vulnerability Checker
A beautiful, safe, and reliable detection tool for CVE-2026-20131.
## ๐ธ Demo
---
### Features
- Modern color-coded terminal output
- Smart FMC fingerprinting (reduces false positives)
- Automatic HTTP โ HTTPS fallback
- Version banner detection
- Clean & professional design
---
### Installation & Usage
```py
git clone https://github.com/0xBlackash/CVE-2026-20131.git
cd CVE-2026-20131
pip install requests colorama
sudo python3 CVE-2026-20131.py https://target-fmc.example.com
```
---
## ๐ก๏ธ Mitigation & Patching
**๐จ Immediate Action Required**
**Official Fix**: Upgrade to the latest patched version of Cisco Secure Firewall Management Center.
**[Cisco Security Advisory โ](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh)**
---
## ๐ Affected Versions
- Cisco FMC 6.4.x โ 10.0.x (check advisory for exact builds)
- Cisco Security Cloud Control (SCC) - Patched via maintenance
---
## โ ๏ธ Legal Disclaimer
**This repository is for educational and authorized security testing purposes only.**
Unauthorized scanning or exploitation of systems without explicit permission is illegal.
---
Made with โค๏ธ for the Cybersecurity Community
**Star โญ if you find this helpful!**