AI description
CVE-2026-20181 is a remote code execution (RCE) vulnerability found in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The flaw arises from insufficient validation of user-supplied input, which allows an authenticated, remote attacker to send a specially crafted HTTP request. Successful exploitation of this vulnerability grants the attacker the ability to execute arbitrary commands on the underlying operating system, potentially leading to user-level access and subsequent privilege escalation to root. In single-node deployments, this issue could also result in a denial-of-service (DoS) condition.
- Description
- A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
🚨 Cisco ISE patch watch: Cisco fixed CVE-2026-20181 and CVE-2026-20190 in ISE and ISE-PIC. The advisory says the flaws can enable remote code execution or sensitive information disclosure, with no workarounds. #Cisco #Cyber https://t.co/ElVl2jK4ES
@Divinmentis
18 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
2 Replies
0 Quotes
『allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device.』 CVE-2026-20181 CVE-2026-20190 Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://t.co/f3fITtqm4R
@autumn_good_35
18 Jun 2026
126 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【セキュリティ ニュース】「Cisco ISE」にRCE脆弱性 - 端末の接続に影響するおそれも(1ページ目 / 全2ページ):Security NEXT https://t.co/jk6yaf7Smc CVE-2026-20181/CVE-2026-20190 Cisco Identity Services Engineにおけるリモートコー
@taku888infinity
18 Jun 2026
1251 Impressions
1 Retweet
3 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2026-20181 A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected… https://t.co/2u4yF0apGo ----- Traducción: Una vulnerabilidad… https://t.co/utmtNg
@infoflowcloud
17 Jun 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Cisco ISE vulnerabilities expose networks to Remote Code Execution (CVE-2026-20181) and data theft (CVE-2026-20190). Patch affected systems now. #CiscoISE #CyberSecurity #CVE202620181 #CVE202620190 #InfoSec https://t.co/Rdjc5MElon https://t.co/DhHIGCFdwU
@the_yellow_fall
17 Jun 2026
414 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
1 Quote