CVE-2026-20186

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (affected versions not specified)

Description Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on the underlying operating system. This is achieved by sending a crafted HTTP request to the device. A successful exploit can grant user-level access to the operating system, which can then be elevated to root privileges. In single-node deployments, this may lead to a denial of service (DoS) condition, preventing unauthenticated endpoints from accessing the network until the node is restored.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.