Medium5.3Cisco Updated
Cisco Identity Services Engine Authentication Bypass Vulnerabilities
cisco-sa-ise-unauth-bypass-uxjRXGpb Published May 6, 2026Updated by vendor May 6, 2026
CVE-2026-20193CVE-2026-20195
Affected products & platforms
CiscoISEIdentity Services Engine
Summary
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected versions
- Scope: At the time of publication, these vulnerabilities affected Cisco ISE, regardless of device configuration.
- 3.2 and earlier — Migrate to a fixed release
- Release 3.3 (first fixed: 3.3 Patch 11)
- Release 3.4 (first fixed: 3.4 Patch 6)
- Release 3.5 (first fixed: 3.5 Patch 3)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.3 Patch 11
- 3.4 Patch 6
- 3.5 Patch 3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.2 and earlier: migrate to a fixed release.
- Release 3.3: upgrade to 3.3 Patch 11.
- Release 3.4: upgrade to 3.4 Patch 6.
- Release 3.5: upgrade to 3.5 Patch 3.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.