Critical9.9Cisco Updated
Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
cisco-sa-ise-rce-traversal-8bYndVrZ Published Apr 28, 2026Updated by vendor Apr 28, 2026
CVE-2026-20147CVE-2026-20148
Affected products & platforms
CiscoISEIdentity Services Engine
Summary
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
Affected versions
- Scope: These vulnerabilities affect Cisco ISE and Cisco ISE-PIC, regardless of device configuration.
- Earlier than 3.1 — Migrate to a fixed release
- Release 3.1 (first fixed: 3.1 Patch 11)
- Release 3.2 (first fixed: 3.2 Patch 10)
- Release 3.3 (first fixed: 3.3 Patch 11)
- Release 3.4 (first fixed: 3.4 Patch 6)
- Release 3.51 (first fixed: 3.5 Patch 3)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.1 Patch 11
- 3.2 Patch 10
- 3.3 Patch 11
- 3.4 Patch 6
- 3.5 Patch 3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 3.1: migrate to a fixed release.
- Release 3.1: upgrade to 3.1 Patch 11.
- Release 3.2: upgrade to 3.2 Patch 10.
- Release 3.3: upgrade to 3.3 Patch 11.
- Release 3.4: upgrade to 3.4 Patch 6.
- Release 3.51: upgrade to 3.5 Patch 3.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.