CVE-2026-20181

EPSS 0.6%
hype LIKELY HACK · 68 hack

Real vuln, vendor patching actively, defender concern evident; no KEV or PoC public yet.

What: Remote code execution in Cisco Identity Services Engine (ISE) and ISE-PIC (versions 3.1–3.5) requiring authenticated admin access; CVSS reported as 9.1 in social posts.

Why it matters: Cisco released patches on June 17, 2026; chatter emphasizes admin-authenticated command execution leading to root access, with no workarounds. There is no KEV listing yet and no public PoC has been confirmed, but urgent vendor patching and defenders triaging admin-plane exposure suggest a real risk window.

Where it's seen: Official Cisco advisories cited, security alert accounts (CCBalert, NCIIPC) amplifying patch directive, threat intelligence vendors (OffSeq) labeling "CRITICAL," and practitioner discussion distinguishing this (authenticated RCE) from CVE-2026-20190 (unauthenticated disclosure).

RISK: HIGH — Authenticated RCE to root in widely-deployed identity product; urgent vendor patching and no workarounds.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/19/2026, 8:19:31 AM

No NVD details ingested for this CVE yet.