CISCO Security Advisory
Published Date: April 28, 2026
CVE: CVE-2026-20147
Advisory Summary
⚠️ Critical Security Vulnerabilities Discovered in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC)
Cisco has identified multiple critical vulnerabilities (CVE-2026-20147, CVE-2026-20148) affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products. These security flaws permit an authenticated attacker—requiring valid administrative credentials—to perform remote code execution or path traversal attacks on the affected systems. The gravity of these vulnerabilities underscores the risk of unauthorized system manipulation and potential data breaches within organizations utilizing these solutions for network access control and identity services.
Cisco has promptly released software patches to remediate these issues. Importantly, there are no known workarounds, making timely application of the updates imperative to safeguard infrastructure. IT security and network operations teams managing Cisco ISE environments should prioritize assessing their systems and deploying the provided patches without delay to mitigate exploitation risks.
For detailed remediation instructions, affected versions, and further technical information, consult Cisco’s official advisory.
đź”—
Reference: Vendor Advisory