CISCO has released emergency patches for a critical command execution flaw tracked as CVE-2026-20181 that affects its Identity Services Engine and the ISE Passive Identity Connector, as reported by SecurityWeek. The vulnerability allows attackers who already possess administrative credentials to execute arbitrary commands on the underlying operating system.
The flaw carries a CVSS base score of 9.1, reflecting its potential to compromise confidentiality, integrity and availability. Exploitation can also trigger a denial-of-service condition in single-node deployments, disrupting network access controls. A separate high-severity issue, CVE-2026-20190 with a score of 7.5, was addressed in the same advisory and could lead to unauthorized information disclosure.
Cisco’s advisory, available here, specifies that the affected products include all versions of ISE and ISE-PIC prior to the fixed releases. Patches are delivered through the usual update channels and administrators are urged to upgrade to the recommended versions immediately.
According to Cisco, there is no evidence that either vulnerability has been exploited in the wild and no threat actors have been linked to the flaws. Nevertheless, the high impact scores and the prerequisite of admin access make rapid remediation essential for any organisation relying on these systems for authentication and policy enforcement.
Defenders should begin by applying the supplied patches or upgrading to the fixed firmware releases as soon as a maintenance window permits. It is also prudent to review administrative account usage, enforce multi-factor authentication and monitor command-line activity for any unusual behaviour.
Organisations should verify the integrity of the update packages before deployment and test the patches in a non-production environment to ensure compatibility with existing policies. Once confirmed, schedule the rollout during a low-impact period and verify that services return to normal operation after the upgrade.