Share
## https://sploitus.com/exploit?id=9DFEEBDB-038F-55FA-8BBD-64F3B6C29987
# ๐Ÿšจ CVE-2026-20131 | Cisco FMC Critical RCE


  
  Unauthenticated Remote Code Execution in Cisco Secure Firewall Management Center

  
  
  
  
  



---

## ๐Ÿ“Œ Overview

**A critical pre-authentication Java deserialization vulnerability** allowing remote attackers to achieve **root-level code execution** on Cisco FMC appliances.

---

### Key Information

| Attribute              | Details                          |
|------------------------|----------------------------------|
| **Severity**           | **Critical**                     |
| **CVSS Score**         | **10.0**                         |
| **Vulnerability Type** | Java Deserialization             |
| **Exploited In Wild**  | Yes (Ransomware campaigns)       |
| **Patch Available**    | Yes                              |

---

## โœจ Safe Vulnerability Checker

A beautiful, safe, and reliable detection tool for CVE-2026-20131.

## ๐Ÿ“ธ Demo



---

### Features

- Modern color-coded terminal output
- Smart FMC fingerprinting (reduces false positives)
- Automatic HTTP โ†’ HTTPS fallback
- Version banner detection
- Clean & professional design

---

### Installation & Usage

```py
git clone https://github.com/0xBlackash/CVE-2026-20131.git

cd CVE-2026-20131

pip install requests colorama

sudo python3 CVE-2026-20131.py https://target-fmc.example.com
```

---

## ๐Ÿ›ก๏ธ Mitigation & Patching

**๐Ÿšจ Immediate Action Required**

**Official Fix**: Upgrade to the latest patched version of Cisco Secure Firewall Management Center.

**[Cisco Security Advisory โ†’](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh)**

---

## ๐Ÿ“‹ Affected Versions

- Cisco FMC 6.4.x โ†’ 10.0.x (check advisory for exact builds)
- Cisco Security Cloud Control (SCC) - Patched via maintenance

---

## โš ๏ธ Legal Disclaimer



**This repository is for educational and authorized security testing purposes only.**

Unauthorized scanning or exploitation of systems without explicit permission is illegal.



---



Made with โค๏ธ for the Cybersecurity Community

**Star โญ if you find this helpful!**