The Interlock ransomware group is actively exploiting CVE-2026-20131, a critical zero-day vulnerability in Cisco Secure Firewall Management Center (FMC) Software. The flaw involves insecure deserialization of user-supplied Java byte stream that allows unauthenticated, remote attackers to gain unauthorized access to affected systems.
The vulnerability carries a maximum CVSS score of 10.0, indicating the highest possible severity level. Amazon Threat Intelligence has identified this as part of an active ransomware campaign, suggesting immediate exploitation is occurring in the wild rather than theoretical proof-of-concept attacks.