Cisco ISE Vulnerabilities CVE-2026-20186 and CVE-2026-20180 Disclosed

Severity: High (Score: 74.0)

Sources: nvd.nist.gov

Summary

Two critical vulnerabilities, CVE-2026-20186 and CVE-2026-20180, have been published for Cisco Identity Services Engine (ISE) on April 15, 2026. Both vulnerabilities allow authenticated remote attackers with Read Only Admin credentials to execute arbitrary commands on the underlying operating system. The vulnerabilities stem from insufficient validation of user-supplied input and can be exploited via crafted HTTP requests. Successful exploitation could lead to user-level access, privilege escalation to root, and potential denial of service (DoS) in single-node ISE deployments. Affected systems may become unavailable, preventing unauthenticated endpoints from accessing the network until restored. Organizations using Cisco ISE should assess their systems for these vulnerabilities and apply necessary mitigations. The current status indicates that these vulnerabilities are newly disclosed and require immediate attention. Key Points: • CVE-2026-20186 and CVE-2026-20180 affect Cisco Identity Services Engine. • Exploitation requires Read Only Admin credentials and can lead to root access. • Successful attacks may cause denial of service in single-node deployments.

Key Entities

• DDoS (attack_type)
• Denial of Service (attack_type)
• CVE-2026-20180 (cve)
• CVE-2026-20186 (cve)
• T1059 - Command and Scripting Interpreter (mitre_attack)
• T1068 - Exploitation for Privilege Escalation (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)
• T1190 - Exploit Public-Facing Application (mitre_attack)
• Cisco Identity Services Engine (platform)