Recently, AWS published a report on a newly disclosed vulnerability affecting Cisco Firewall Management Center (CVE-2026-20131), with exploitation of its MadPot honeypot system detected in the wild. According to the AWS CTI team, exploitation activity dates back to at least January 26, even though Cisco did not release a patch until March 4.
This is the latest in a growing series of critical vulnerabilities affecting major security vendors and edge devices in 2026, including:
- CVE-2026-1281 — Ivanti Endpoint Manager Mobile (EPMM) — Published January 29, 2026: Critical unauthenticated remote code execution/code injection vulnerability. Ivanti stated that a limited number of customers had already been exploited, and CISA added it to the KEV catalog the same day.
- CVE-2026-1340 — Ivanti Endpoint Manager Mobile (EPMM) — Published January 29, 2026: Critical unauthenticated remote code execution/code injection vulnerability disclosed alongside CVE-2026-1281. Vendor and public analysis later described both flaws as actively exploited.
- CVE-2026-24858 — FortiOS / FortiGate— Published Januaruy 27, 2026 (also affecting FortiManager, FortiAnalyzer, FortiProxy, FortiSwitchManager, and FortiWeb when FortiCloud SSO is enabled): Critical authentication bypass/improper access control vulnerability via FortiCloud SSO. It allowed an attacker with a FortiCloud account and a registered device to access devices registered to other accounts. Fortinet stated that the issue had been exploited in the wild prior to disclosure.
And we are still not even out of Q1.
According to cve.icu, an excellent resource maintained by Jerry Gamblin, as of this writing 2026 has already seen 22% more published vulnerabilities than the same period in 2025.
For more information visit:
https://www.team-cymru.com/post/cyber-security-intelligence-edge-device-analysis
