Cisco Patches Critical Vulnerabilities in Webex, ISE

Summary

Cisco released patches for 15 vulnerabilities, including three critical flaws in Identity Services Engine (ISE) and one in Webex. CVE-2026-20184 affects Webex SSO integration, allowing remote unauthenticated attackers to impersonate users via improper certificate validation. CVE-2026-20180 and CVE-2026-20186 in ISE permit authenticated read-only admins to execute arbitrary OS commands, while CVE-2026-20147 allows authenticated admins the same capability. Cisco reports no active exploitation in the wild.

Full text

Cisco on Wednesday announced patches for 15 vulnerabilities, including critical-severity flaws in Webex and Identity Services Engine (ISE). Tracked as CVE-2026-20184, the critical Webex bug impacts the single sign-on (SSO) integration with Control Hub and could allow remote, unauthenticated attackers to impersonate any user, Cisco says. An improper certificate validation could have allowed attackers to connect to a service endpoint and supply a crafted token to access legitimate Webex services without authorization. While the company has addressed the issue in Webex Services, which are cloud-based, customers using SSO “should upload a new identity provider (IdP) SAML certificate to Control Hub,” Cisco explains. On Wednesday, the company fixed three critical security defects in ISE, two of which – CVE-2026-20180 and CVE-2026-20186 – could allow remote, authenticated attackers that have read-only admin rights to execute arbitrary commands on the underlying OS. The two vulnerabilities exist because user-supplied input is insufficiently validated, allowing attackers to obtain user-level access to the underlying OS via crafted HTTP requests and then elevate their privileges to root.Advertisement. Scroll to continue reading. In single-node Cisco ISE deployments, the bugs could be exploited to cause denial-of-service (DoS) conditions, preventing unauthenticated endpoints from accessing the network. The third critical ISE flaw, CVE-2026-20147, allows remote, authenticated attackers with admin privileges to execute arbitrary commands on the underlying OS, and can be exploited in the same way as the other two issues. The remaining 11 security defects that Cisco patched on Wednesday are medium-severity weaknesses leading to path traversal attacks, XSS attacks, authentication policy bypass, file leaks, file overwrite, and command injection attacks. Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page. Related: Two Vulnerabilities Patched in Ivanti Neurons for ITSM Related: Fortinet Patches Critical FortiSandbox Vulnerabilities Related: Cisco Patches Critical and High-Severity Vulnerabilities Related: Cisco Patches Multiple Vulnerabilities in IOS Software Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire 100 Chrome Extensions Steal User Data, Create BackdoorMirax RAT Targeting Android Users in EuropeTwo Vulnerabilities Patched in Ivanti Neurons for ITSM Fortinet Patches Critical FortiSandbox VulnerabilitiesSAP Patches Critical ABAP VulnerabilityTriad Nexus Evades Sanctions to Fuel CybercrimeGoogle Adds Rust DNS Parser to Pixel Phones for Better SecurityOrganizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities Latest News Splunk Enterprise Update Patches Code Execution VulnerabilityMicrosoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking ContestNIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical SoftwareRansomware Hits Automotive Data Expert AutovistaClaude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via CommentsSweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy InfrastructureExploited Vulnerability Exposes Nginx Servers to HackingCapsule Security Emerges From Stealth With $7 Million in Funding Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveThreatModeler has appointed Kevin Gallagher as Chief Executive Officer.Thomas Bain has been appointed Chief Marketing Officer at Silent Push.The United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure.More People On The MoveExpert Insights The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• cve — CVE-2026-20184
• cve — CVE-2026-20180
• cve — CVE-2026-20186
• cve — CVE-2026-20147

Entities