Cisco Identity Services Engine RCE and Information Disclosure Vulnerabilities (CVE-2026-20181 & CVE-2026-20190)
Cisco released security updates to address two vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerabilities are tracked as CVE-2026-20181 and CVE-2026-20190. Successful exploitation may allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device.
Cisco stated in its advisory that it is unaware of any public announcements or malicious use of the vulnerabilities.
Cisco Identity Services Engine (ISE) is a network security system that helps ensure that only trusted users and devices can access resources on a network. ISE is a standard policy engine that enables endpoint access control and network device administration.
CVE-2026-20181: Cisco ISE and ISE-PIC Remote Code Execution Vulnerability
The vulnerability has a critical severity rating with a CVSS score of 9.1. The vulnerability stems from insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. Successful exploitation of the vulnerability could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial-of-service (DoS) condition. In that condition, endpoints that have not already been authenticated would be unable to access the network until the node is restored.
CVE-2026-20190: Cisco ISE and ISE-PIC Information Disclosure Vulnerability
The vulnerability has a high severity rating with a CVSS score of 7.5. This vulnerability originates from improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. Successful exploitation of the vulnerability could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Affected and Patched Versions
| Cisco ISE or ISE-PIC Release | First Fixed Release for CVE-2026-20181 | First Fixed Release for CVE-2026-20190 |
| --- | --- | --- |
| Earlier than 3.3 | Migrate to a fixed release | Not vulnerable |
| 3.3 | 3.3 Patch 11 | Not vulnerable |
| 3.4 | 3.4 Patch 6 | 3.4 Patch 6 |
| 3.5 | 3.5 Patch 4 (Aug 2026) | 3.5 Patch 3 |
For more information, please refer to Cisco Security Advisory (cisco-sa-ise-multi-G5WP8vv).
Qualys Detection
Qualys customers can scan their devices with QIDs 317859 and 317860 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.