Skip to main content

Cisco Identity Services Engine Software CVE-2026-20147

| EUVDEUVD-2026-22962 CRITICAL
Command Injection (CWE-77)
2026-04-15 cisco GHSA-6m6h-8f8v-r7j4
9.9
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
EUVD ID Assigned
Apr 15, 2026 - 16:30 euvd
EUVD-2026-22962
CVE Published
Apr 15, 2026 - 16:03 nvd
CRITICAL 9.9

DescriptionCVE.org

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Analysis

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

CVE-2026-20186 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20180 CRITICAL
9.9 Apr 15

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitra

CVE-2026-20181 CRITICAL
9.1 Jun 17

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-P

CVE-2026-20190 HIGH
7.5 Jun 17

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unaut

CVE-2026-20136 MEDIUM
6.0 Apr 15

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PI

CVE-2026-20146 MEDIUM
5.5 Jul 15

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, aut

CVE-2026-20195 MEDIUM
5.3 May 06

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity

CVE-2026-20148 MEDIUM
4.9 Apr 15

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal a

CVE-2026-20132 MEDIUM
4.8 Apr 15

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an au

CVE-2026-20193 MEDIUM
4.3 May 06

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADI

Share

CVE-2026-20147 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy