Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code

Cisco has issued an urgent security advisory addressing two newly discovered vulnerabilities affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products.

These flaws pose a severe threat to enterprise environments, enabling attackers to potentially execute malicious code and compromise critical systems.

Cisco Identity Services Engine (ISE) is widely used to enforce network access policies, authenticate users, and manage device connections across corporate infrastructure.

The newly disclosed issues impact the web-based management interfaces of both ISE and ISE-PIC, allowing attackers to exploit them remotely under certain conditions.

Critical Remote Code Execution Risk

According to Cisco’s official advisory released on April 15, 2026, the most serious flaw, CVE-2026-20147, carries a CVSS score of 9.9 (Critical).

This vulnerability arises from improper validation of user input within HTTP requests. By sending specially crafted data, an authenticated attacker could execute arbitrary commands on the underlying operating system.

Successful exploitation gives attackers user-level access that can easily escalate to root privileges, potentially granting full administrative control over the device.

In single-node ISE deployments, this attack can also trigger a Denial of Service (DoS) condition, locking users and endpoints out of the network until the affected node is restored.

The second flaw, CVE-2026-20148, with a CVSS score of 4.9 (Medium), stems from improper input validation that allows path traversal.

An authenticated attacker could exploit it to read sensitive files from the system, bypassing standard directory restrictions and exposing internal configuration data.

Although these vulnerabilities operate independently, both significantly endanger network integrity if exploited. Cisco confirmed there are no available workarounds or temporary mitigations, urging customers to apply the provided software updates without delay.

Administrators should upgrade affected systems according to Cisco’s patch recommendations:

• Version 3.1 → Patch 11
• Version 3.2 → Patch 10
• Version 3.3 → Patch 11
• Version 3.4 → Patch 6
• Version 3.5 → Patch 3
  Older versions must migrate to a supported release immediately to ensure protection.

These vulnerabilities were responsibly reported to Cisco by Jonathan Lein of TrendAI Research.

The company’s Product Security Incident Response Team (PSIRT) stated that no public proof-of-concept exploit or active attacks are currently known.

Still, given the severity of CVE-2026-20147, security teams are strongly advised to prioritize patching as part of their vulnerability management routines before threat actors attempt to reverse-engineer the fixes.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code appeared first on Cyber Security News.