CISA Adds One Known Exploited Vulnerability to Catalog

Release Date: March 19, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog with the addition of one new vulnerability that has been confirmed to be under active exploitation in the wild.

The newly added vulnerability is:

• CVE-2026-20131 - A deserialization of untrusted data vulnerability affecting Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management systems

This vulnerability represents a particularly dangerous class of security flaws that cyberthreat actors frequently leverage as attack vectors, creating substantial risk for federal government networks and infrastructure.

The KEV Catalog serves as a comprehensive, continuously updated repository of Common Vulnerabilities and Exposures (CVEs) that present critical risks to federal operations. This catalog was established under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which mandates that Federal Civilian Executive Branch (FCEB) agencies address these identified vulnerabilities within specified timeframes to safeguard federal networks against active cyber threats.

While BOD 22-01's requirements specifically target FCEB agencies, CISA emphasizes that organizations across all sectors should prioritize the remediation of KEV Catalog vulnerabilities as a cornerstone of their cybersecurity strategy. By addressing these actively exploited vulnerabilities promptly, organizations can significantly reduce their attack surface and enhance their overall security posture.

CISA maintains its commitment to continuously monitoring the threat landscape and will add additional vulnerabilities to the catalog as they meet the established criteria for inclusion.