CVE-2026-20147

Name of the Vulnerable Software and Affected Versions Cisco ISE (affected versions not specified) Cisco ISE-PIC (affected versions not specified)

Description Insufficient validation of user-supplied input allows an authenticated remote attacker with valid administrative credentials to execute arbitrary commands on the underlying operating system of an affected device. This is achieved by sending a crafted HTTP request. A successful exploit can grant user-level access to the operating system and subsequent privilege escalation to root. In single-node deployments, this may lead to a denial of service (DoS) condition, preventing unauthenticated endpoints from accessing the network until the node is restored.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.