The Interlock ransomware group is actively exploiting CVE-2026-20131 in Cisco Firepower Management Center, with confirmed exploitation activity dating to at least January 26, 2026. The CVSS base score is reported at 9.8; affected version ranges are unconfirmed from Cisco’s official advisory and must be verified at sec.cloudapps.cisco.com before taking version-specific action. Immediate priority actions are restricting management interface access to trusted hosts only and monitoring for the Cisco Security Advisory release; patch application should follow official guidance without delay.