Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

Plan PatchCVSS 9.9cisco-sa-ise-rce-traversal-8bYndVrZApr 15, 2026

Cisco

IT in OT - Cisco networking products are commonly deployed in OT environments

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks. The attacker must have valid administrative credentials to exploit these vulnerabilities. Cisco has released software updates that address these vulnerabilities. There are no workarounds available.

What this means

What could happen

An authenticated administrator with compromised credentials could execute arbitrary commands on your ISE server or access sensitive files via path traversal, potentially compromising network access control and authentication infrastructure across your entire organization.

Who's at risk

This affects network administrators and IT security teams operating Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector. ISE is commonly deployed for network access control (NAC), 802.1X authentication, and policy enforcement in enterprise networks, including utilities and critical infrastructure. Compromise of ISE could allow unauthorized network access or policy bypasses affecting all connected systems.

How it could be exploited

An attacker with valid administrative credentials logs into the ISE web interface or management API and exploits the RCE vulnerability to execute arbitrary commands on the ISE server, or exploits path traversal to read sensitive configuration files containing credentials or policies.

Prerequisites

Valid administrative credentials for ISE server
Network access to ISE management interface (typically port 443 or 8443)
Authentication to ISE web interface or API

remotely exploitablelow complexityrequires valid administrative credentialsaffects network access control infrastructure

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

ISE Passive Identity ConnectorAll versionsFix available

Identity Services Engine SoftwareAll versionsFix available

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGRestrict administrative access to ISE to specific IP addresses or networks on your management VLAN

HARDENINGReview and revoke any administrative credentials that may have been exposed or are no longer in use

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Identity Services Engine Software

HOTFIXUpdate Identity Services Engine Software to the fixed version released by Cisco

ISE Passive Identity Connector

HOTFIXUpdate ISE Passive Identity Connector to the fixed version released by Cisco

All products

HARDENINGImplement multi-factor authentication (MFA) for all ISE administrative accounts

CVEs (2)

CVE-2026-20147 CVE-2026-20148

View full vendor advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/867cd25c-0814-44c8-871c-b0bac98ccb34

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.