Critical9.1Cisco Updated
Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
cisco-sa-ise-multi-G5WP8vv Published Jun 19, 2026Updated by vendor Jun 19, 2026
CVE-2026-20181CVE-2026-20190
Affected products & platforms
CiscoISEIdentity Services Engine
Summary
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected versions
- Scope: These vulnerabilities affect Cisco ISE and Cisco ISE-PIC, regardless of device configuration.
- Earlier than 3.3 — Migrate to a fixed release
- Release 3.3 (first fixed: 3.3 Patch 11)
- Release 3.4 (first fixed: 3.4 Patch 6)
- Release 3.5 (first fixed: 3.5 Patch 4 (Aug 2026) or hot patch / 3.5 Patch 3)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.3 Patch 11
- 3.4 Patch 6
- 3.5 Patch 4 (Aug 2026) or hot patch / 3.5 Patch 3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 3.3: migrate to a fixed release.
- Release 3.3: upgrade to 3.3 Patch 11.
- Release 3.4: upgrade to 3.4 Patch 6.
- Release 3.5: upgrade to 3.5 Patch 4 (Aug 2026) or hot patch / 3.5 Patch 3.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(1)
- BBr11 day ago
Test
- B
Sign in to join the discussion.