# Urgent Patches Released for Cisco Identity Services Engine Vulnerabilities

*Published June 19, 2026*
*Source: [https://www.securityweek.com/critical-command-execution-vulnerability-patched-in-cisco-ise/](https://www.securityweek.com/critical-command-execution-vulnerability-patched-in-cisco-ise/)*

## Executive Summary

Cisco has released patches for its Identity Services Engine that fix a critical command execution vulnerability, which attackers with valid credentials could use to escalate privileges. The updates also address related vulnerabilities, and applying them is crucial to preventing potential security breaches.

## Article

Cisco has issued critical updates for its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to address a severe command execution vulnerability. Tracked as CVE-2026-20181 with a CVSS score of 9.1, the flaw arises from improper validation of user input and allows attackers with valid administrative credentials to execute arbitrary commands on the operating system of affected devices. Successful exploitation could give attackers user-level access, from which they could escalate privileges to root.

In single-node deployments, exploitation of this vulnerability could lead to a denial-of-service condition, blocking network access for unauthenticated endpoints until the node is restored. Cisco has resolved this issue by releasing updates for ISE and ISE-PIC versions 3.3 Patch 11 and 3.4 Patch 6, while a hotfix for ISE version 3.5 is available and will be incorporated into version 3.5 Patch 4, expected in August.

Additionally, the updates address a high-severity information disclosure vulnerability, CVE-2026-20190, which could allow attackers to access sensitive data such as hashed credentials without authentication. Cisco also released fixes for medium-severity vulnerabilities in other products, including the Webex App, Umbrella Virtual Appliance, and Crosswork Network Controller, which could result in malicious redirects and privilege escalation.

Cisco reports that none of these vulnerabilities have been exploited in the wild yet. For more detailed information, security professionals are encouraged to visit Cisco’s security advisories page.
