CVE-2026-20136
Received Received - Intake
Command Injection in Cisco ISE CLI Allows Root Privilege Escalation

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20136
EUVD
EUVD-2026-22960
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
cisco ise_passive_identity_connector to 3.4 (exc)
cisco identity_services_engine From 3.3 (inc)
cisco identity_services_engine From 3.4 (inc)
cisco identity_services_engine From 3.5.1 (inc)
cisco identity_services_engine *
cisco ise_passive_identity_connector *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-116 The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-20136 is a medium-severity vulnerability in the command-line interface (CLI) of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC).

It allows an authenticated local attacker who already has administrative privileges to perform a command injection attack on the underlying operating system.

This happens because the software does not properly validate user-supplied input for a specific CLI command.

By providing crafted input, the attacker can escalate their privileges to root on the operating system.

Impact Analysis

If exploited, this vulnerability allows an attacker with administrative access to escalate their privileges to root on the underlying operating system.

This means the attacker could gain full control over the system, potentially leading to unauthorized access, modification, or disruption of critical services.

Since the vulnerability affects core Cisco ISE components, it could compromise network access control and identity services.

Mitigation Strategies

No workarounds or mitigations are available for this vulnerability.

The recommended immediate step is to upgrade to the fixed software releases provided by Cisco.

  • For Cisco ISE 3.3 and earlier: upgrade to 3.3 Patch 11 (April 2026).
  • For Cisco ISE 3.4: upgrade to 3.4 Patch 6 (April 2026).
  • For Cisco ISE 3.5.1: upgrade to 3.5 Patch 3.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20136. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart