Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code

Home Cyber Security News Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security advisory published on April 15, 2026, these flaws could allow an authenticated remote attacker to execute arbitrary commands on affected devices. They may also enable path traversal attacks, a recurring and critical threat vector in enterprise network infrastructure. Cisco ISE RCE Vulnerability The advisory notes that two independent vulnerabilities, devices affected by one may not be impacted by the other, and exploitation of one is not required for the other. The most severe flaw, CVE-2026-20147 (CVSS 9.9), is a critical remote code execution (RCE) vulnerability caused by insufficient validation of user-supplied input. An attacker with valid administrative credentials could exploit this by sending a specially crafted HTTP request to the targeted device. A successful attack grants user-level access to the underlying operating system, allowing the attacker to escalate privileges to root. In single-node ISE deployments, exploiting this vulnerability could cause the node to crash, triggering a denial-of-service (DoS) condition. Unauthenticated endpoints cannot access the network until administrators fully restore the system. The second flaw, CVE-2026-20148 (CVSS 4.9), is a path-traversal vulnerability that requires valid admin credentials and is caused by improper input validation. By sending a crafted HTTP request, an attacker could perform path traversal attacks to access and read sensitive, arbitrary files directly from the underlying operating system. Cisco confirms no workarounds are available and urges administrators to upgrade immediately to patched versions. The required security updates are outlined below, following standard vulnerability reporting structures for system administrators: Releases older than 3.1: Migrate to a supported, fixed release. Release 3.1: Upgrade to 3.1 Patch 11. Release 3.2: Upgrade to 3.2 Patch 10. Release 3.3: Upgrade to 3.3 Patch 11. Release 3.4: Upgrade to 3.4 Patch 6. Release 3.5: Upgrade to 3.5 Patch 3. Administrators should note that Cisco ISE-PIC release 3.4 is the final supported version, as the product has officially reached its end-of-sale date. The vulnerabilities were discovered and reported to Cisco by security researcher Jonathan Lein of TrendAI Research. At the time of the advisory’s publication, the Cisco Product Security Incident Response Team (PSIRT) stated that they are not aware of any public announcements or active malicious exploitation of these vulnerabilities in the wild. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News McGraw Hill Confirms Data Breach Exposing 13.5 Million Users’ Personal Data Current Cyber Security News Fake Proton VPN Sites and Gaming Mods Spread NWHStealer in New Windows Malware Campaign Cyber Security News Hackers Abuse n8n AI Workflow Automation to Deliver Malware Through Trusted Webhooks Top 10 Top 10 Best User Access Management Tools in 2026 April 4, 2026 Top 10 Best VPN For Chrome in 2026 April 4, 2026 20 Best Application Performance Monitoring Tools in 2026 April 3, 2026 Top 10 Best VPN For Linux In 2026 April 3, 2026 10 Best VPN For Privacy In 2026 April 2, 2026