Cisco ISE and ISE-PIC input-validation RCE (CVE-2026-20147)

Vulnerability
Happening score: 25
1 unique source, 1 article

Summary

CVE-2026-20147 in Cisco Identity Services Engine (ISE) and ISE-PIC can let authenticated admins achieve remote code execution by sending crafted HTTP requests. The issue is rated CVSS 9.9 and stems from insufficient validation of user-supplied input. Cisco has already issued fixed releases for affected versions, including ISE 3.1 Patch 11 through 3.5 Patch 3. Cisco says it is not aware of exploitation in the wild.

Related Happenings

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

Cisco Webex Services improper certificate validation in SSO security flaw (CVE-2026-20184)

Vulnerability
First: 16.04.2026 15:01 Last: 16.04.2026 15:01 Sources 1

About this happening: **CVE-2026-20184** in **Cisco Webex Services** exposed the **SSO integration with Control Hub** to **remote, no-privilege impersonation** risk, creating unauthorized-access exposu...

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
First: 23.03.2026 12:30 Last: 23.03.2026 12:30 Sources 1

About this happening: **CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Timeline

  1. 16.04.2026 14:27 2 articles · 1mo ago

    Cisco discloses CVE-2026-20147 patches for ISE and ISE-PIC

    Initial Disclosure

    Cisco disclosed patches for CVE-2026-20147 affecting Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Insufficient validation of user-supplied input could let an authenticated remote attacker with valid administrative credentials send crafted HTTP requests to achieve remote code execution. Cisco lists fixed releases for ISE 3.1 Patch 11, 3.2 Patch 10, 3.3 Patch 11, 3.4 Patch 6, and 3.5 Patch 3, and says releases earlier than 3.1 must migrate to a fixed release.