CVE-2026-20147 – Cisco Identity Services Engine Software Critical Authentication and Access Control Vulnerabilities

Cisco has released critical security patches for Identity Services Engine (ISE) Software addressing three severe vulnerabilities: CVE-2026-20180, CVE-2026-20186, and CVE-2026-20147. These issues impact core identity, authentication, and access control functions, potentially allowing attackers to bypass protections or execute unauthorized actions within enterprise networks.

CVE-2026-20180 has a CVSS score of 9.9, which is Critical severity. CVE-2026-20186 has a CVSS score of 9.9, which is Critical severity. CVE-2026-20147 has a CVSS score of 9.9, which is Critical severity. The consistently high scores reflect extreme risk, especially given ISE’s role as a centralized security enforcement point. There is no verified evidence of active exploitation or publicly available proof-of-concept code for these vulnerabilities.

The patch strengthens authentication logic and closes gaps in access control enforcement, reducing the risk of unauthorized network access and privilege misuse.