CVE-2026-20181
Published 2026-06-17
Priority: P2 · 62 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.75% (50.2th percentile)
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Affected
93 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_identity_services_engine_software | — | — |
CVSS provenance
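| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| cvelistv5 | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |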
CVEList
Cisco Identity Services Engine Remote Code Execution Vulnerability
cvelistv5 · 2026-06-17 · CVSS 9.1
CVE-2026-20181 [CRITICAL] CWE-22 Cisco Identity Services Engine Remote Code Execution Vulnerability
VulDB
Cisco Identity Services Engine Software up to 3.5.0 HTTP path traversal (cisco-sa-ise-multi-G5WP8vv / EUVD-2026-37748)
vuldb · 2026-06-17
CVE-2026-20181 [CRITICAL] Cisco Identity Services Engine Software up to 3.5.0 HTTP path traversal (cisco-sa-ise-multi-G5WP8vv / EUVD-2026-37748)
A vulnerability has been found in Cisco Identity Services Engine Software and ISE Passive Identity Connector and classified as critical. This vulnerability affects unknown code of the component HTTP Handler. This manipulation causes path traversal.
This vulnerability is tracked as CVE-2026-20181. The attack can be carried out remotely. No exploit exists.
The affected component should be upgraded.
GHSA
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
ghsa_unreviewed · 2026-06-17
CVE-2026-20181 [CRITICAL] CWE-22 A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
No detection rules found.
No public exploits indexed.
Published: 2026-06-17