medium advisory

Cisco Identity Services Engine Authentication Bypass Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information.

Cisco Identity Services Engine (ISE) is affected by multiple vulnerabilities that could lead to unauthorized access and information disclosure. These vulnerabilities, identified as CVE-2026-20193 and CVE-2026-20195, can be exploited by a remote attacker to bypass authorization controls or to glean sensitive data from error messages. Successful exploitation could compromise the confidentiality and integrity of the affected Cisco ISE deployment. Cisco has released software updates to address these issues; there are no known workarounds.

Attack Chain

  1. The attacker identifies a vulnerable Cisco ISE instance exposed to the network.
  2. The attacker sends a crafted request designed to exploit CVE-2026-20193, aiming to bypass authentication.
  3. Due to insufficient authorization checks, the attacker gains unauthorized access to certain features or data within ISE.
  4. Alternatively, the attacker sends specific requests crafted to trigger verbose error messages related to CVE-2026-20195.
  5. The attacker parses the error messages, extracting sensitive information such as configuration details or internal system data.
  6. The attacker uses the acquired information to further compromise the ISE system or gain access to connected network resources.

Impact

Successful exploitation of these vulnerabilities could allow unauthorized access to Cisco ISE, potentially exposing sensitive configuration data and network access policies. While the advisory does not specify the number of affected customers, a successful attack could enable an attacker to move laterally within the network or disrupt network services.

Recommendation

  • Apply the latest software updates provided by Cisco to address CVE-2026-20193 and CVE-2026-20195 on all affected Cisco Identity Services Engine (ISE) instances.
  • Monitor network traffic for suspicious requests targeting Cisco ISE instances that may indicate exploitation attempts.
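
One way to act on the monitoring recommendation, as an added example that is not part of the original advisory or any Cisco tooling: a sliding-window check over web access logs that flags clients repeatedly drawing large 5xx responses, used here as a proxy for verbose error pages. The combined log format, the placeholder paths, the sample lines and all thresholds are assumptions; the advisory does not describe the actual requests involved.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; combined log format and paths are assumptions.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2026:10:00:01 +0000] "GET /placeholder/a HTTP/1.1" 500 4812
198.51.100.7 - - [12/Mar/2026:10:00:40 +0000] "GET /placeholder/b HTTP/1.1" 500 5120
198.51.100.7 - - [12/Mar/2026:10:02:10 +0000] "GET /placeholder/a HTTP/1.1" 500 4990
203.0.113.20 - - [12/Mar/2026:10:01:00 +0000] "GET /placeholder/a HTTP/1.1" 200 812
203.0.113.20 - - [12/Mar/2026:10:03:00 +0000] "GET /placeholder/c HTTP/1.1" 500 310
192.0.2.15 - - [12/Mar/2026:09:00:00 +0000] "GET /placeholder/a HTTP/1.1" 500 4000
192.0.2.15 - - [12/Mar/2026:09:20:00 +0000] "GET /placeholder/a HTTP/1.1" 500 4000
192.0.2.15 - - [12/Mar/2026:09:40:00 +0000] "GET /placeholder/a HTTP/1.1" 500 4000
"""
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')
# Assumed tuning values; adjust to the deployment's normal error rate.
WINDOW = timedelta(minutes=5)   # sliding window per client
MIN_ERRORS = 3                  # large error responses needed to alert
MIN_ERROR_BYTES = 1024          # ignore terse error pages

def parse(line):
    """Return (ip, timestamp, path, status, size) or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    size = 0 if m["size"] == "-" else int(m["size"])
    return m["ip"], ts, m["path"], int(m["status"]), size

def verbose_error_clients(lines):
    """Map each client that drew MIN_ERRORS large 5xx bodies within WINDOW to the paths hit."""
    events = defaultdict(list)
    for ip, ts, path, status, size in filter(None, map(parse, lines)):
        if status >= 500 and size >= MIN_ERROR_BYTES:
            events[ip].append((ts, path))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1      # shrink the window from the left
            if end - start + 1 >= MIN_ERRORS:
                flagged[ip] = sorted({p for _, p in hits[start:end + 1]})
                break
    return flagged
```

Calling `verbose_error_clients(SAMPLE_LOG.splitlines())` flags only the client with three large error responses inside five minutes; the client with a single short error and the one whose errors are 20 minutes apart are not flagged.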

Detection coverage (2)

Detect Cisco ISE Unauthorized Access Attempt via Web Request

high

Detects suspicious web requests to Cisco ISE that may indicate an attempt to bypass authentication.

sigma | tactics: credential_access | techniques: T1555 | sources: webserver, linux

Detect Cisco ISE Error Message Information Leakage

medium

Detects web server logs showing error messages from Cisco ISE that contain sensitive information.

sigma | tactics: credential_access | techniques: T1555 | sources: webserver, linux
