Cisco Identity Services Engine Authenticated Remote Code Execution and Root Privilege Escalation (CVE-2026-20181 / CVE-2026-20190)

cope: Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), All Versions Prior to Fixed Releases

Severity: Red

Cisco's June 17, 2026 advisory addresses two vulnerabilities in ISE affecting enterprise network access control infrastructure commonly deployed in Ugandan government and enterprise environments: CVE-2026-20181 (CVSS 9.1) allows an authenticated remote attacker with valid administrative credentials to send crafted HTTP requests that execute arbitrary OS commands, escalate to root, and in single-node deployments crash the ISE node entirely, blocking unauthenticated endpoints from network access until service is restored; and CVE-2026-20190 (CVSS 7.5) allows an unauthenticated remote attacker to send specially crafted network traffic to extract sensitive data including password hashes and NTLM hashes usable for offline cracking. Cisco confirms no workarounds exist for either vulnerability, meaning patching is the only remediation path. Organizations must apply the ISE software updates specified in Cisco's advisory immediately, restrict management interface access to trusted IP ranges via ACLs, and enforce MFA on all administrative accounts.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.