Cisco has revealed serious security flaws in its Identity Services Engine (ISE) that could permit attackers to remotely execute malicious code, thereby endangering enterprise networks. These vulnerabilities, identified as CVE-2026-20181 and CVE-2026-20190, were detailed in advisory ID cisco-sa-ise-multi-G5WP8vv on June 17, 2026.
Cisco ISE Vulnerability Details
Rated with a CVSS score of 9.1, these vulnerabilities affect all configurations of Cisco ISE and the ISE Passive Identity Connector (ISE-PIC). The most critical flaw, CVE-2026-20181, involves a remote code execution (RCE) vulnerability due to inadequate validation of user inputs.
An attacker with administrative access could exploit this by sending a manipulated HTTP request to the system, potentially executing arbitrary commands. This could escalate from user-level access to full root control, particularly impacting single-node deployments by causing denial-of-service conditions.
Impact of the Vulnerabilities
The second vulnerability, CVE-2026-20190, results from weak authorization checks, allowing unauthenticated remote attackers to access sensitive data. This issue enables attackers to retrieve information such as hashed credentials, which could be used for further network intrusions.
These vulnerabilities affect all versions of ISE and ISE-PIC, though specific impacts vary by version. Cisco has issued patches for ISE 3.3 Patch 11 and ISE 3.4 Patch 6, with updates for ISE 3.5 Patch 4 expected by August 2026. Older versions require migration to supported releases, as no workarounds are available.
Response and Recommendations
Cisco’s Product Security Incident Response Team (PSIRT) reports no current active exploitation, yet emphasizes the importance of timely updates due to the vulnerabilities’ high severity. The issues were responsibly disclosed by security experts from TrendAI, STAR Labs, and the Zero Day Initiative.
Organizations utilizing Cisco ISE are urged to evaluate their risk exposure and implement necessary software updates immediately. Additional security measures include limiting administrative access, monitoring logs for unusual HTTP requests, and reviewing authentication processes.
These vulnerabilities highlight the crucial importance of secure identity infrastructure in protecting enterprise networks from potential breaches. Stay informed by following us on Google News, LinkedIn, and X for ongoing updates.
