Do Son 
- Product: Cisco Identity Services Engine
- Vulnerabilities: 2 flaws (CVE-2026-20181, CVE-2026-20190)
- Highest severity: 9.1 (Critical)
- Worst impact: Remote Code Execution
- Status: No confirmed exploitation yet; patches available
- Action: Update to software 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3 now
Network administrators must remain vigilant as new Cisco ISE vulnerabilities have been publicly disclosed. Multiple severe flaws in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) pose significant threats to enterprise environments. These newly discovered security defects could allow attackers to execute arbitrary code or steal highly sensitive data. Organizations relying on these identity management solutions must prioritize patching immediately to prevent potential breaches.
Critical Remote Code Execution: CVE-2026-20181
The most severe issue is tracked as CVE-2026-20181, which carries a critical CVSS base score of 9.1. This specific flaw allows an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of the affected device. However, to successfully exploit this vulnerability, the attacker must already possess valid administrative credentials. The root cause of the flaw stems from insufficient validation of user-supplied input.
By sending a crafted HTTP request, a malicious actor can obtain user-level access and eventually elevate their privileges to root. Furthermore, in single-node deployments, a successful exploit could trigger a denial of service (DoS) condition. As Cisco notes in their report, “endpoints that have not already authenticated would be unable to access the network until the node is restored.”
Information Disclosure: CVE-2026-20190
Another serious concern among these Cisco ISE vulnerabilities is CVE-2026-20190. With a High CVSS score of 7.5, this flaw permits an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability exists due to improper authorization checks when a resource is accessed.
Attackers can exploit this by sending specially crafted traffic to the target system. A successful attack yields access to highly sensitive data, including hashed credentials, which could fuel further malicious campaigns. Importantly, Cisco clarifies the relationship between the bugs, stating, “The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability.”
Remediation and Patching
These issues affect both ISE and ISE-PIC products, regardless of their specific device configurations. Fortunately, Cisco has released software updates to address these severe risks. System administrators should consult the official Cisco security advisory to determine the appropriate upgrade paths for their network environment. For instance, users on version 3.3 must update to Patch 11, while version 3.4 users require Patch 6. Because there are no workarounds available, applying the latest software upgrades is the only effective defense strategy.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
