Network Security

Critical Command Execution Vulnerability Patched in Cisco ISE

Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root.

Ionut Arghire

Published

3 hours ago

Cisco vulnerabilities

Cisco has released fixes for a critical-severity command execution vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).

Tracked as CVE-2026-20181 (CVSS score of 9.1), the issue exists because user-supplied input is improperly validated, allowing an attacker to send a crafted HTTP request and obtain user-level access to the underlying operating system. The attacker could then elevate their privileges to root.

“A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials,” Cisco explains.

In single-node deployments, an attacker could exploit the flaw to cause a denial-of-service (DoS) condition, preventing endpoints that have not already authenticated from accessing the network until the node is restored.

The bug was addressed with the release of ISE and ISE-PIC versions 3.3 Patch 11 and 3.4 Patch 6. A hotfix for ISE version 3.5 is also available and will be included in version 3.5 Patch 4 in August.

The updates also address a high-severity information disclosure defect, tracked as CVE-2026-20190, which could allow unauthenticated attackers to access sensitive data, such as hashed credentials.

Advertisement. Scroll to continue reading.

On Wednesday, Cisco also released fixes for medium-severity vulnerabilities in the Webex App, the Umbrella Virtual Appliance, and the Crosswork Network Controller that could lead to malicious redirects, privilege escalation, and arbitrary command execution.

The company says it is not aware of any of these security flaws being exploited in the wild. Additional information can be found on Cisco’s security advisories page.

In this article:Cisco, patches, vulnerability

Vulnerabilities

Atlassian, Splunk Patch Critical Vulnerabilities

Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies.

Ionut Arghire2 hours ago

Vulnerabilities

F5 Patches Critical, High-Severity NGINX Vulnerabilities

Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code.

Ionut Arghire3 hours ago

ICS/OT

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

The industrial automation giant has fixed security holes in Logix, CompactLogix, Flex, RSLinx, and FactoryTalk products.

Eduard Kovacs1 day ago

Vulnerabilities

Oracle’s Second Monthly Security Updates Deliver 245 Patches

Oracle has released its June 2026 Critical Security Patch Update to fix vulnerabilities in Communications, EBS, Enterprise Manager and other products.

Eduard Kovacs1 day ago