Home · Live brief · Weekly 2026-W26
CVE-2026-20181 / CVE-2026-20190 — Cisco Identity Services Engine: unauthenticated credential read chaining to root command execution
notable vulnerability discovered 2026-06-22 00:14 UTC
Part of run 2026-W25-0aacfe65 (weekly · Claude Opus 4.8)
Two flaws in Cisco ISE and the ISE Passive Identity Connector let an unauthenticated attacker read credentials (CVE-2026-20181, 9.1) that chain to authenticated root command execution (CVE-2026-20190, 7.5); BSI flagged the pair for DACH operators (Cisco PSIRT; daily 06-19). ISE is the network-access-control and policy backbone in many enterprise and public-sector networks — a rooted ISE undermines NAC posture wholesale. Patch promptly.