Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/Critical Cisco ISE Flaws Allow Remote Code Execution
CyberSecurity News

Critical Cisco ISE Flaws Allow Remote Code Execution

Key Takeaways Cisco has issued a critical security advisory for its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Two distinct vulnerabilities, including a severe...

Jennifer sherman
Jennifer sherman
April 16, 2026 3 Min Read
30 0

Key Takeaways

  • Cisco has issued a critical security advisory for its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).
  • Two distinct vulnerabilities, including a severe Remote Code Execution (RCE) flaw (CVE-2026-20147, CVSS 9.9) and a path traversal vulnerability (CVE-2026-20148, CVSS 4.9), affect the platforms.
  • The RCE vulnerability could allow an authenticated remote attacker to gain root-level access and potentially cause denial-of-service conditions.
  • Cisco has released patches for all supported versions, with no immediate workarounds available.

Cisco has released an urgent security advisory detailing multiple critical vulnerabilities impacting its widely deployed Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) solutions. These flaws, if exploited, could enable authenticated remote attackers to execute arbitrary code or perform path traversal attacks, posing significant risks to enterprise network infrastructure.

Table Of Content

  • Key Takeaways
  • Critical RCE Vulnerability in Cisco ISE
  • Path Traversal Vulnerability Identified
  • What You Should Do

The advisory, published by Cisco on April 15, 2026, highlights two independent security issues. It emphasizes that a device affected by one vulnerability may not necessarily be vulnerable to the other, and exploitation of one does not prerequisite exploitation of the second.

Critical RCE Vulnerability in Cisco ISE

The more severe of the two, identified as CVE-2026-20147, carries a critical CVSS score of 9.9. This remote code execution (RCE) vulnerability stems from insufficient validation of user-supplied input. An attacker possessing valid administrative credentials could exploit this flaw by sending a specially crafted HTTP request to the target ISE device.

Successful exploitation of CVE-2026-20147 grants the attacker user-level access to the underlying operating system. From there, they could potentially escalate privileges to gain root access. In single-node ISE deployments, exploiting this vulnerability could lead to a system crash, resulting in a denial-of-service (DoS) condition where unauthenticated endpoints are unable to access the network until the system is fully restored.

Path Traversal Vulnerability Identified

The second vulnerability, CVE-2026-20148, is a path traversal flaw with a CVSS score of 4.9. Similar to the RCE vulnerability, this issue also requires valid administrative credentials and is caused by improper input validation. An attacker could leverage this vulnerability by sending a maliciously crafted HTTP request, enabling them to access and read sensitive, arbitrary files directly from the underlying operating system.

Security researcher Jonathan Lein of TrendAI Research is credited with discovering and reporting these vulnerabilities to Cisco. At the time of the advisory’s publication, the Cisco Product Security Incident Response Team (PSIRT) confirmed that it was unaware of any public announcements or active malicious exploitation of these vulnerabilities in the wild.

Cisco has confirmed that no workarounds are available for either vulnerability. Administrators are strongly urged to upgrade their ISE deployments to the patched versions immediately. It is also important to note that Cisco ISE-PIC release 3.4 is the final supported version, as the product has officially reached its end-of-sale date.

What You Should Do

  • Upgrade Immediately: Apply the latest security patches provided by Cisco for your specific ISE and ISE-PIC versions.
  • For Releases Older Than 3.1: Migrate to a supported and fixed release as soon as possible.
  • For Release 3.1: Upgrade to 3.1 Patch 11.
  • For Release 3.2: Upgrade to 3.2 Patch 10.
  • For Release 3.3: Upgrade to 3.3 Patch 11.
  • For Release 3.4: Upgrade to 3.4 Patch 6.
  • For Release 3.5: Upgrade to 3.5 Patch 3.
  • Review Access Controls: Ensure that administrative credentials for ISE and ISE-PIC are robust, unique, and follow the principle of least privilege.
  • Monitor for Anomalies: Keep a close watch on network traffic and system logs for any unusual activity that might indicate attempted exploitation.
  • Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

    Tags:

    AttackCVEExploitPatchSecurityThreatVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

US Nationals Sentenced for Operating Laptop Farm for North Korean IT Workers

Next Post

Microsoft 365 Web Services Encounter Google Chrome 147 Compatibility Issue

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us