Description
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Published: 2026-06-17
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Cisco Identity Services Engine (ISE) and the ISE Passive Identity Connector permits an authenticated remote attacker to send a specially crafted HTTP request that bypasses input validation, resulting in execution of arbitrary commands on the underlying operating system. If the attacker obtains user-level access, they can then elevate privileges to root and fully compromise the affected device. In single-node deployments, exploitation can also cause a denial of service, preventing endpoints that have not yet authenticated from accessing the network until the node is restored.

Affected Systems

The vulnerability affects Cisco Identity Services Engine Software and Cisco ISE Passive Identity Connector. No specific version ranges are disclosed in the advisory; the flaw is present across all released versions of these products.

Risk and Exploitability

The CVSS v3.1 score of 9.1 (Critical) indicates a critical remote code execution risk. The EPSS score of less than 1% suggests that exploitation is currently unlikely, though still feasible, and the vulnerability is not listed in the CISA KEV catalog. Attackers must hold valid administrative credentials; the flaw is reached via crafted HTTP traffic over the network. Successful exploitation leads to full system compromise and, if the node becomes unavailable, a DoS condition.

Generated by OpenCVE AI on June 18, 2026 at 18:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco ISE or ISE‑PIC update that contains the fix.
  • Restrict administrative access to trusted users and networks, enforcing least privilege.
  • Block or filter unauthorized HTTP requests to the ISE interface using firewalls or access control lists.
  • Enable logging and monitor for suspicious requests; employ IDS/IPS to detect potential exploitation.

Generated by OpenCVE AI on June 18, 2026 at 18:17 UTC.


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type | Values Removed | Values Added
Description | (empty) | A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Title | (empty) | Cisco Identity Services Engine Remote Code Execution Vulnerability
Weaknesses | (empty) | CWE-22
References | (empty) | (empty)
Metrics | (empty) | cvssV3_1: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}
Metrics | (empty) | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}



MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-18T03:56:44.983Z

Reserved: 2025-10-08T11:59:15.393Z

Link: CVE-2026-20181

Vulnrichment

Updated: 2026-06-17T16:29:27.007Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:30:15Z

Weaknesses
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')