NCSC-2026-0208 [1.00] [M/H] Vulnerabilities fixed in Cisco Identity Services Engine
Cisco has fixed multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerabilities can be exploited by both authenticated and unauthenticated attackers. An authenticated attacker with administrative rights can send specially crafted HTTP requests to execute arbitrary commands, potentially leading to Denial-of-Service and privilege escalation, compromising the integrity and availability of the systems. Additionally, some vulnerabilities can lead to unauthorized information disclosure. Unauthenticated attackers can also execute arbitrary code remotely and access sensitive information such as hashed login credentials. The cause lies in improper authorization controls when accessing certain resources within the systems.
CSIRTS triage
- What
- Multiple vulnerabilities in Cisco Identity Services Engine can lead to remote code execution and privilege escalation.
- Who is affected
- Deployments of Cisco Identity Services Engine and ISE-PIC are affected.
- Urgency
- Remediation is critical due to the potential for severe security breaches.
- Action
- Update to the latest version of Cisco Identity Services Engine.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Cisco Identity Services Engine
Get an email when a new Cisco Identity Services Engine advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0208
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-201810.75% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 51% of all scored CVEs.
- Low exploitation riskCVE-2026-201900.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20181 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-20190 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
Recent advisories for Cisco Identity Services
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalCisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilitiescisco-psirt · 2026-07-06
- mediumCisco Identity Services Engine Authentication Bypass Vulnerabilitiescisco-psirt · 2026-05-06
- mediumCisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilitiescisco-psirt · 2026-05-05
- criticalCisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilitiescisco-psirt · 2026-04-28
- criticalCisco Identity Services Engine Remote Code Execution Vulnerabilitiescisco-psirt · 2026-04-15
- mediumCisco Identity Services Engine Authenticated Privilege Escalation Vulnerabilitycisco-psirt · 2026-04-15
More from NCSC-NL Advisories
- unknownNCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access2026-07-10
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03