Cisco ISE Patches Critical Command Execution Vulnerability

Anuj June 18, 2026
www.news4hackers.com-cisco-ise-patches-critical-command-execution-vulnerability-cisco-ise-patches-critical-command-execution-vulnerability
Post Views: 9

Cisco has issued updates to resolve a critical command execution vulnerability affecting Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).

The flaw, designated CVE-2026-20181 with a CVSS score of 9.1, arises from insufficient validation of user input, enabling an attacker to craft malicious HTTP requests and achieve user-level access to the underlying operating system. Exploitation requires valid administrative credentials, allowing the attacker to escalate privileges to root. In single-node configurations, the vulnerability could also trigger a denial-of-service (DoS) condition. The vulnerability was mitigated through the release of ISE and ISE-PIC versions 3.3 Patch 11 and 3.4 Patch 6. A hotfix for ISE version 3.5 is available and will be incorporated into version 3.5 Patch 4 scheduled for August. The updates also resolve a high-severity information disclosure issue, CVE-2026-20190, which could permit unauthenticated attackers to access sensitive data such as hashed credentials. In addition to these fixes, Cisco addressed medium-severity flaws in the Webex App, Umbrella Virtual Appliance, and Crosswork Network Controller. These issues could enable malicious redirects, privilege escalation, and arbitrary command execution. The company confirmed no evidence of these vulnerabilities being actively exploited in the wild. Further details are available in Cisco’s security advisories.



About Author

Anuj

See author's posts

More Stories

www.news4hackers.com-microsoft-resolves-windows-server-2016-security-update-failures-microsoft-resolves-windows-server-2016-security-update-failures-1

Dream Secures $260 Million in Series Funding at $3 Billion Valuation

Anuj June 18, 2026
www.news4hackers.com-microsoft-resolves-windows-server-2016-security-update-failures-microsoft-resolves-windows-server-2016-security-update-failures

Microsoft Resolves Windows Server 2016 Security Update Failures

Anuj June 18, 2026
www.news4hackers.com-critical-vulnerabilities-patched-by-atlassian-and-splunk-security-updates-released-critical-vulnerabilities-patched-by-atlassian-and-splunk-security-updates-released

Critical Vulnerabilities Patched by Atlassian and Splunk, Security Updates Released

Anuj June 18, 2026

Latest Cyber Security News

www.news4hackers.com-microsoft-resolves-windows-server-2016-security-update-failures-microsoft-resolves-windows-server-2016-security-update-failures-1

Dream Secures $260 Million in Series Funding at $3 Billion Valuation

Anuj June 18, 2026
www.news4hackers.com-microsoft-resolves-windows-server-2016-security-update-failures-microsoft-resolves-windows-server-2016-security-update-failures

Microsoft Resolves Windows Server 2016 Security Update Failures

Anuj June 18, 2026
www.news4hackers.com-cisco-ise-patches-critical-command-execution-vulnerability-cisco-ise-patches-critical-command-execution-vulnerability

Cisco ISE Patches Critical Command Execution Vulnerability

Anuj June 18, 2026
www.news4hackers.com-critical-vulnerabilities-patched-by-atlassian-and-splunk-security-updates-released-critical-vulnerabilities-patched-by-atlassian-and-splunk-security-updates-released

Critical Vulnerabilities Patched by Atlassian and Splunk, Security Updates Released

Anuj June 18, 2026
www.news4hackers.com-critical-nginx-vulnerabilities-patched-by-f5-security-updates-released-critical-nginx-vulnerabilities-patched-by-f5-security-updates-released

Critical NGINX Vulnerabilities Patched by F5: Security Updates Released

Anuj June 18, 2026
en_USEnglish
en_USEnglish