CVE Tools

CVE-2026-20180

Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability

Published: Apr 15, 2026Updated: Apr 17, 2026 Sources: CVE List NVD BDUCWE-22

9.9CVSSCRITICAL

Patch Available

Description

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:LPrivileges Required

Low

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

Affected Products

Cisco Identity Services Engine Software Cisco

On-premSecurity Product

Networking Infrastructure

Cisco Identity Services Engine Cisco Systems Inc.

On-premSecurity Product

Networking Infrastructure

ciscocommercialUSNetworking Infrastructureaka cisco systems, cisco systems inc.

cisco systems inc.commercialUSNetworking Infrastructureaka cisco systems, cisco

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

0 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

Official Patch Available

MITRE ATT&CK

2 techniques

Collection

Discovery

View detailed technique mapping

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv

sec.cloudapps.cisco.com

Timeline

Published

Apr 15, 2026

Last Updated

Apr 17, 2026

News mentions

1

Cisco ISE Vulnerabilities: Critical RCE and Info Disclosure Flaws
en-us·Daily CyberSecurity (securityonline.info)· Summary only·Jun 17, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-20180 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows