CVE-2026-20131 (CVSS 9.8) is a critical authentication bypass in Cisco Secure Firewall Management Center (on-premises), allowing unauthenticated remote attackers to execute arbitrary code on the FMC appliance and effectively seize control of an organization’s firewall policy infrastructure. CISA has issued guidance for federal agencies to patch immediately. Immediate actions: restrict FMC management interface access to authorized hosts via network ACLs now, obtain affected version ranges and patched builds from Cisco advisory cisco-sa-onprem-fmc-authbypass-5JPp45V2, and treat any externally accessible FMC as a confirmed emergency remediation event.