Skip to main content

Cisco ISE CVE-2026-20146

| EUVDEUVD-2026-44716 MEDIUM
Path Traversal (CWE-22)
2026-07-15 cisco GHSA-37fr-rv4j-c6g2
5.5
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
5.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
vuln.today AI
6.7 MEDIUM

PR:H per mandatory admin credentials; C:H for arbitrary file read; I:H and A:L upgraded from vendor's I:L/A:N to reflect realistic impact of arbitrary OS file deletion.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 16:50 vuln.today
CVE Published
Jul 15, 2026 - 16:17 cve.org
MEDIUM 5.5

DescriptionCVE.org

A vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. 

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files or delete arbitrary files on the affected system.

AnalysisAI

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, authenticated attacker with administrative credentials to read or delete arbitrary files on the underlying operating system via crafted HTTP requests. Successful exploitation could expose sensitive configuration or credential files, or trigger destructive deletion of system files. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid ISE admin credentials
Delivery
Authenticate to ISE administrative interface
Exploit
Send crafted HTTP request with traversal sequences
Execution
Bypass path validation
Impact
Read sensitive OS files or delete arbitrary files

Vulnerability AssessmentAI

Exploitation Exploitation requires valid administrative credentials on the Cisco ISE or ISE-PIC system (explicitly stated in the description and confirmed by CVSS PR:H). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The Cisco-provided CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N) scores 5.5 (Medium), which accurately reflects the high privilege barrier (PR:H - valid admin credentials required) that significantly constrains exploitability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained valid ISE administrative credentials - through phishing, credential stuffing against the admin portal, or insider access - sends a crafted HTTP request containing path traversal sequences to the ISE administrative interface. The application fails to sanitize the input, allowing the attacker to traverse outside the intended directory and retrieve sensitive OS-level files such as private keys, database connection strings, or RADIUS shared secrets stored on the appliance. …
Remediation Consult the Cisco Security Advisory cisco-sa-ise-traversal-xNt7wb2Y at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-xNt7wb2Y for the specific fixed software release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-20186 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20147 CRITICAL
9.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary comman

CVE-2026-20180 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20181 CRITICAL
9.1 Jun 17

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P

CVE-2026-20190 HIGH
7.5 Jun 17

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut

CVE-2026-20136 MEDIUM
6.0 Apr 15

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI

CVE-2026-20195 MEDIUM
5.3 May 06

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity

CVE-2026-20148 MEDIUM
4.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a

CVE-2026-20132 MEDIUM
4.8 Apr 15

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au

CVE-2026-20193 MEDIUM
4.3 May 06

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI

Share

CVE-2026-20146 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy