CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to root command execution

Two flaws in Cisco ISE and the ISE Passive Identity Connector let an unauthenticated attacker read credentials (CVE-2026-20181, 9.1) that chain to authenticated root command execution (CVE-2026-20190, 7.5); BSI flagged the pair for DACH operators (Cisco PSIRT; daily 06-19). ISE is the network-access-control and policy backbone in many enterprise and public-sector networks — a rooted ISE undermines NAC posture wholesale. Patch promptly.