CVE-2026-20180

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on the underlying operating system by sending a crafted HTTP request. A successful exploit could grant user-level access and subsequent privilege escalation to root. In single-node deployments, this could lead to a denial of service (DoS) condition, preventing unauthenticated endpoints from accessing the network until the node is restored.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.