Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
Summary
A new Interlock ransomware campaign is actively exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Center (FMC) software. The flaw, identified as CVE-2026-20131, allows unauthenticated remote attackers to gain root access through insecure deserialization. Amazon Threat Intelligence has issued a warning about this developing threat.
IFF Assessment
This is bad news for defenders: a critical zero-day vulnerability is being actively exploited, granting attackers root access on Cisco FMC and enabling ransomware deployment.
Severity
Defender Context
Defenders must urgently patch or mitigate Cisco FMC instances against CVE-2026-20131 to prevent further exploitation by Interlock ransomware. This incident highlights the importance of prompt vulnerability management and threat intelligence to detect and respond to zero-day attacks.