Cisco Releases Emergency Patch for Critical Zero-Day Vulnerability in FMC

Cisco’s Product Security Incident Response Team (PSIRT) released an emergency patch for a critical zero-day vulnerability (CVE-2026-20131, CVSS 10.0) in Cisco Secure Firewall Management Center (FMC). The flaw allows unauthenticated remote attackers to execute arbitrary commands with root privileges. The ransomware group Interlock has been actively exploiting this zero-day. No specific timeline for the patch release or exploitation window was provided. The vulnerability affects Cisco FMC, though exact versions were not disclosed.