THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesApr 16, 2026

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco patches four critical flaws in Identity Services and Webex enabling code execution and user impersonation.

Read at source

Summary

Cisco released security patches for four critical vulnerabilities affecting Identity Services Engine (ISE) and Webex Services with CVSS scores between 9.8–9.9. The flaws include improper certificate validation in SSO integration (CVE-2026-20184), insufficient input validation in ISE and ISE-PIC (CVE-2026-20147), and multiple command execution vulnerabilities (CVE-2026-20180, CVE-2026-20186) that could allow authenticated attackers to achieve remote code execution or impersonate any user. No active exploitation has been reported, but users are urged to update immediately.

Full text

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Ravie LakshmananApr 16, 2026Vulnerability / Network Security Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below - CVE-2026-20184 (CVSS score: 9.8) - An improper certificate validation in the integration of single sign-on (SSO) with Control Hub in Webex Services that could allow an unauthenticated, remote attacker to impersonate any user within the service and gain unauthorized access to legitimate Cisco Webex services. CVE-2026-20147 (CVSS score: 9.9) - An insufficient validation of user-supplied input vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an authenticated, remote attacker in possession of valid administrative credentials to achieve remote code execution by sending crafted HTTP requests. CVE-2026-20180 and CVE-2026-20186 (CVSS scores: 9.9) - Multiple insufficient validation of user-supplied input vulnerabilities in ISE could allow an authenticated, remote attacker in possession of read only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests. "A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root," Cisco said in an advisory for CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186. "In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored." CVE-2026-20184 requires no customer action as it's cloud-based. However, customers who are using SSO are advised to upload a new identity provider (IdP) SAML certificate to Control Hub. The remaining vulnerabilities have been addressed in the following versions - CVE-2026-20147 Cisco ISE or ISE-PIC Release earlier than 3.1 (Migrate to a fixed release) Cisco ISE Release 3.1 (3.1 Patch 11) Cisco ISE Release 3.2 (3.2 Patch 10) Cisco ISE Release 3.3 (3.3 Patch 11) Cisco ISE Release 3.4 (3.4 Patch 6) Cisco ISE Release 3.5 (3.5 Patch 3) CVE-2026-20180 and CVE-2026-20186 Cisco ISE Release earlier than 3.2 (Migrate to a fixed release) Cisco ISE Release 3.2 (3.2 Patch 8) Cisco ISE Release 3.3 (3.3 Patch 8) Cisco ISE Release 3.4 (3.4 Patch 4) Cisco ISE Release 3.5 (Not Vulnerable) While Cisco noted that it is not aware of any of these shortcomings being exploited in the wild, it's essential that users update their instances to the latest version for optimal protection. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  cisco, Cloud security, cybersecurity, network security, remote code execution, Vulnerability, Webex Trending News Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS Block the Prompt, Not the Work: The End of "Doctor No" BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority Popular Resources Learn How to Block Breached Passwords in Active Directory Before Attacks Get Full Visibility into Vendor and Internal Risk in One Platform [Guide] Get Practical Steps to Govern AI Agents with Runtime Controls Secure Your AI Systems Across the Full Lifecycle of Risks

Indicators of Compromise

  • cve — CVE-2026-20184
  • cve — CVE-2026-20147
  • cve — CVE-2026-20180
  • cve — CVE-2026-20186

Entities

Cisco (vendor)Cisco Identity Services Engine (ISE) (product)Cisco Webex Services (product)Cisco ISE Passive Identity Connector (ISE-PIC) (product)