Cisco ISE Remote Code Execution and Information Disclosure Vulnerability Advisory

Vulnerability Overview Multiple vulnerabilities exist in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that allow remote attackers to achieve remote code execution or conduct information disclosure attacks. Affected Products Affected Products: Cisco ISE and Cisco ISE-PIC, regardless of device configuration. Vulnerability Details: - CVE-2026-20181: Remote code execution vulnerability in Cisco ISE and ISE-PIC. Attackers can execute arbitrary commands by sending crafted HTTP requests. - CVE-2026-20190: Information disclosure vulnerability in Cisco ISE and ISE-PIC. Attackers can view sensitive information, including hashed credentials, by sending crafted traffic. Remediation Fixed Software: Cisco has released software updates to address these vulnerabilities. Customers are advised to upgrade to the appropriate fixed software version. Fixed Versions: - CVE-2026-20181: - 3.3 version: 3.3 Patch 11 - 3.4 version: 3.4 Patch 6 - 3.5 version: 3.5 Patch 4 (Aug 2026) - CVE-2026-20190: - 3.3 version: Not Available - 3.4 version: 3.4 Patch 6 - 3.5 version: 3.5 Patch 3 Additional Information CVSS Scores: - CVE-2026-20181: 9.1 - CVE-2026-20190: 7.5 Workarounds: No known workarounds currently exist to mitigate these vulnerabilities. Exploitation in the Wild: Cisco PSIRT has not observed public announcements or malicious exploitation of these vulnerabilities. Sources Reporter: - CVE-2026-20181: Jonathan Lein from TrendAI Research - CVE-2026-20181: U Jiantao and Tevel Sho from STAR Labs SG Pte. Ltd. - CVE-2026-20190: Bobby Gould from TrendAI Zero Day Initiative Links Detailed Page: Cisco Security Advisory Revision History Version 1.0: First released on June 17, 2026, final status. --- Note: This page does not contain POC code or exploit code.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ISE Remote Code Execution and Information Disclosure Vulnerability Advisory