By Abinaya
Publication Date: 2026-04-16 11:32:00
Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).
According to the official Cisco security advisory published on April 15, 2026, these flaws could allow an authenticated remote attacker to execute arbitrary commands on affected devices.
They may also enable path traversal attacks, a recurring and critical threat vector in enterprise network infrastructure.
Cisco ISE RCE Vulnerability
The advisory notes that two independent vulnerabilities, devices affected by one may not be impacted by the other, and exploitation of one is not required for the other.
The most severe flaw, CVE-2026-20147 (CVSS 9.9), is a critical remote code execution (RCE) vulnerability caused by insufficient validation of user-supplied input.
An attacker with valid administrative credentials could exploit this by sending a specially crafted HTTP request to the…
