CVE-2026-20136
Analyzed Analyzed - Analysis Complete

Command Injection in Cisco ISE CLI Allows Root Privilege Escalation

Vulnerability report for CVE-2026-20136, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-15

Last updated on: 2026-07-02

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-15
Last Modified
2026-07-02
Generated
2026-07-06
AI Q&A
2026-04-15
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 42 associated CPEs
Vendor Product Version / Range
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine to 3.3.0 (exc)
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.5.0
cisco identity_services_engine 3.5.0
cisco identity_services_engine 3.5.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.4.0
cisco identity_services_engine_passive_identity_connector 3.4.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector to 3.3.0 (exc)
cisco identity_services_engine_passive_identity_connector 3.4.0
cisco identity_services_engine_passive_identity_connector 3.4.0
cisco identity_services_engine_passive_identity_connector 3.4.0
cisco identity_services_engine_passive_identity_connector 3.4.0
cisco identity_services_engine_passive_identity_connector 3.5.0
cisco identity_services_engine_passive_identity_connector 3.5.0
cisco identity_services_engine_passive_identity_connector 3.5.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0
cisco identity_services_engine_passive_identity_connector 3.3.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-20136 is a medium-severity vulnerability in the command-line interface (CLI) of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC).

It allows an authenticated local attacker who already has administrative privileges to perform a command injection attack on the underlying operating system.

This happens because the software does not properly validate user-supplied input for a specific CLI command.

By providing crafted input, the attacker can escalate their privileges to root on the operating system.

Impact Analysis

If exploited, this vulnerability allows an attacker with administrative access to escalate their privileges to root on the underlying operating system.

This means the attacker could gain full control over the system, potentially leading to unauthorized access, modification, or disruption of critical services.

Since the vulnerability affects core Cisco ISE components, it could compromise network access control and identity services.

Mitigation Strategies

No workarounds or mitigations are available for this vulnerability.

The recommended immediate step is to upgrade to the fixed software releases provided by Cisco.

  • For Cisco ISE 3.3 and earlier: upgrade to 3.3 Patch 11 (April 2026).
  • For Cisco ISE 3.4: upgrade to 3.4 Patch 6 (April 2026).
  • For Cisco ISE 3.5.1: upgrade to 3.5 Patch 3.
Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20136. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart