Ref# ADV2026_172 Cisco Security Advisory – | Date: Mar 20th 2026

---

Cisco published a security advisory highlighting vulnerabilities in the following products on March 4th, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Cisco Security Cloud Control (SCC) Firewall Management – all versions 
• Cisco Secure Firewall Management Center (FMC) – all versions 
• Cisco Secure Firewall Adaptive Security Appliance (ASA) – versions prior to 9.20.4.14 
• Cisco Secure Firewall Threat Defense (FTD) – all versions 

Update 1 

Cisco stated that CVE-2026-20131 is being actively exploited on March 18, 2026. 

Update 2
Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20131 to their Known Exploited Vulnerabilities (KEV) Database on March 19, 2026. 

For more information on these updates, you can follow these URLs: 

• Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability 
• Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability 
• Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability 
• Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability 
• Cisco Security Advisories 
• CISA KEV: CVE-2026-20131 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Cisco_Security_Advisory

References 

• Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability. (n.b.). Retrieved from Cisco. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2 
• Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability. (n.b.). Retrieved from Cisco. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-FCvLD6vR 
• Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-esp-dos-uv7yD8P5 
• CISA KEV: CVE-2026-20131. (n.b.). Retrieved from Cisco. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20131 
• Cisco Security Advisories. (n.b). Retrieved from Cisco. https://tools.cisco.com/security/center/publicationListing.x 
• Cisco security advisory. (March 19, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-197