Cisco Identity Services Engine Remote Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root . In single-node Cisco ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv Security Impact Rating: Critical CVE: CVE-2026-20180,CVE-2026-20186
CSIRTS triage
- What
- Multiple vulnerabilities could allow an authenticated, remote attacker to execute arbitrary commands on the operating system.
- Who is affected
- Authenticated users with Read Only Admin credentials on affected devices.
- Urgency
- Remediation is urgent due to the potential for remote code execution and denial of service.
- Action
- Update to the latest software version.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Identity Services Engine
Get an email when a new Identity Services Engine advisory drops — max one per day, one-click unsubscribe.
Details
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2026-201806.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 93% of all scored CVEs.
- Moderate exploitation riskCVE-2026-201866.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 93% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20180 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20186 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for Cisco Identity Services
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalCisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilitiescisco-psirt · 2026-07-06
- unknownNCSC-2026-0208 [1.00] [M/H] Vulnerabilities fixed in Cisco Identity Services Enginencsc-nl · 2026-06-19
- mediumCisco Identity Services Engine Authentication Bypass Vulnerabilitiescisco-psirt · 2026-05-06
- mediumCisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilitiescisco-psirt · 2026-05-05
- criticalCisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilitiescisco-psirt · 2026-04-28
- mediumCisco Identity Services Engine Authenticated Privilege Escalation Vulnerabilitycisco-psirt · 2026-04-15
More from Cisco Security Advisories
- unknownCisco Advance Notification for Publication of July 15, 2026, Security Advisories2026-07-08
- criticalCisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities2026-07-06
- highCisco Catalyst Center Arbitrary File Read Vulnerability2026-07-06
- highClamAV Vulnerabilities Affecting Cisco Products: July 20262026-07-02
- highCisco Advance Notification for Publication of July 1, 2026, Security Advisories2026-07-01