【Vulnerability Alert】Cisco Identity Services Critical Security Vulnerability (CVE-2026-20181)

• Subject: 【Vulnerability Alert】Cisco Identity Services Critical Security Vulnerability (CVE-2026-20181)

• Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center Security Alert TWCERTCC-200-202606-00000016
  • Cisco Identity Services Engine (ISE) is an identity-based security management platform that gathers information from the network, user devices, and enforces policies and makes regulatory decisions across the network infrastructure.
  • Cisco recently released a critical security vulnerability advisory (CVE-2026-20181, CVSS: 9.1). This vulnerability could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of proofed devices. Note: To exploit this vulnerability, the attacker must possess valid administrator credentials.
• Affected Platforms:
  • Cisco ISE and Cisco ISE-PIC versions 3.3 and earlier
  • Cisco ISE and Cisco ISE-PIC version 3.4
  • Cisco ISE and Cisco ISE-PIC version 3.5
• Recommended Actions:
  • Please update to Cisco ISE and Cisco ISE-PIC 3.3 Patch 11, Cisco ISE and Cisco ISE-PIC 3.4 Patch 6, or Cisco ISE and Cisco ISE-PIC 3.5 Patch 4
• Reference:
  1. https://www.twcert.org.tw/tw/cp-169-10984-5eafa-1.html

Computer and Communication Center
Network Systems Division