Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

cisco-sa-ise-rce-traversal-8bYndVrZ · Critical · Published · Updated

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote code execution or conduct path traversal attacks on an affected device. To exploit these vulnerabilities, the attacker must have valid administrative credentials. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2026-20147, CVE-2026-20148
Cisco Bug IDsCSCws52738, CSCws52717
CVSS ScoreBase 9.9
Base 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X
Base 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector

Related Products

Product CVE Evidence
Cisco ISE Passive Identity Connector CVE-2026-20148 Cisco OpenVuln
Cisco ISE Passive Identity Connector CVE-2026-20147 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2026-20148 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2026-20147 Cisco OpenVuln