vulnerability
Cisco ISE: CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Apr 15, 2026 | Apr 16, 2026 | Apr 16, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Apr 15, 2026
Added
Apr 16, 2026
Modified
Apr 16, 2026
Description
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
Solution
cisco-ise-upgrade-latest
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.