Cisco has issued critical updates for its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to address a severe command execution vulnerability. Tracked as CVE-2026-20181 with a CVSS score of 9.1, the flaw arises from improper validation of user input and allows attackers with valid administrative credentials to execute arbitrary commands on the operating system of affected devices. Exploitation could enable attackers to gain user-level access and then escalate privileges to root.
In single-node deployments, exploitation of this vulnerability could lead to a denial-of-service condition, blocking network access for unauthenticated endpoints until the node is restored. Cisco has resolved this issue by releasing updates for ISE and ISE-PIC versions 3.3 Patch 11 and 3.4 Patch 6, while a hotfix for ISE version 3.5 is available and will be incorporated into version 3.5 Patch 4, expected in August.
Additionally, the updates address a high-severity information disclosure vulnerability, CVE-2026-20190, which could allow unauthenticated attackers to access sensitive data such as hashed credentials. Cisco also released fixes for medium-severity vulnerabilities in other products, including the Webex App, Umbrella Virtual Appliance, and Crosswork Network Controller, which could result in malicious redirects and privilege escalation.
Cisco reports that none of these vulnerabilities have been exploited in the wild yet. For more detailed information, security professionals are encouraged to visit Cisco’s security advisories page.


