Medium6.0Cisco Updated
Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
cisco-sa-ise-cmd-inj-5WSJcYJB Published Apr 15, 2026Updated by vendor Apr 15, 2026
CVE-2026-20136
Affected products & platforms
CiscoISEIdentity Services Engine
Summary
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco ISE and ISE-PIC, regardless of device configuration.
- Release 3.3 and earlier (first fixed: 3.3 Patch 11 (Apr 2026))
- Release 3.4 (first fixed: 3.4 Patch 6 (Apr 2026))
- Release 3.51 (first fixed: 3.5 Patch 3)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.3 Patch 11 (Apr 2026)
- 3.4 Patch 6 (Apr 2026)
- 3.5 Patch 3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.3 and earlier: upgrade to 3.3 Patch 11 (Apr 2026).
- Release 3.4: upgrade to 3.4 Patch 6 (Apr 2026).
- Release 3.51: upgrade to 3.5 Patch 3.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.