Cisco patches critical ISE command execution flaw CVE-2026-20181

CISCO has issued critical security patches for a command execution vulnerability (CVE-2026-20181) affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), which could allow attackers with admin credentials to execute arbitrary commands on the OS. The vulnerability has a CVSS score of 9.1 and can cause a denial-of-service condition in single-node deployments. Additional high-severity vulnerabilities were addressed in other products, including Webex and Umbrella. Cisco is unaware of these flaws being exploited in the wild, and related updates will be included in future patches.