Critical Vulnerabilities in Cisco Identity Services Engine and Webex Enable Code Execution and User Impersonation
What Happened — Cisco disclosed and patched four critical vulnerabilities (CVE‑2026‑20184, CVE‑2026‑20147, CVE‑2026‑20180, CVE‑2026‑20186) affecting its Identity Services Engine (ISE) and Webex platforms. The Webex flaw lets an unauthenticated attacker bypass certificate validation and impersonate any user; the three ISE flaws let an authenticated administrator, in two cases one holding only read‑only admin rights, execute arbitrary OS commands on the appliance.
Why It Matters for TPRM —
- Exploitation could give threat actors footholds inside corporate networks, compromising downstream SaaS and on‑prem services.
- Identity‑centric breaches often cascade to third‑party data stores, amplifying supply‑chain risk.
- Unpatched Cisco stacks are common in MSP, MSSP, and cloud‑hosted environments; a single flaw can affect dozens of downstream customers.
Who Is Affected — Enterprises across all sectors that rely on Cisco ISE for network access control, and organizations using Webex for collaboration (technology, finance, healthcare, government, education, etc.).
Recommended Actions —
- Verify that every Cisco ISE and ISE‑PIC node is running a fixed software release published on or after April 16 2026 (ISE is an appliance or virtual machine, not firmware; check the running version from the ISE CLI or admin portal against Cisco's advisory). Webex is cloud‑hosted, so confirm with Cisco that the Control Hub fix has been applied to your organization rather than waiting for a customer‑side update.
- Conduct a rapid inventory of third‑party services that integrate with Webex (Control Hub SSO, Webex APIs) or with ISE (pxGrid, ERS/Open API, RADIUS/TACACS+ clients); confirm each vendor has applied the patches and has not disabled certificate validation on its side of the SSO integration.
- Audit ISE administrator accounts, including read‑only ones, since two of the ISE flaws need only read‑only admin credentials; remove stale accounts, enforce MFA on admin logins, and restrict the admin GUI/API to management networks. Review SSO certificate validation settings on Webex and any dependent services for residual exposure.
Technical Notes —
- CVE‑2026‑20184 (CVSS 9.8) – Improper certificate validation in Webex SSO integration with Control Hub enables unauthenticated user impersonation.
- CVE‑2026‑20147 (CVSS 9.9) – Input validation flaw in ISE and ISE‑PIC (Passive Identity Connector) allows an authenticated administrator to execute arbitrary code by sending crafted HTTP requests to the management interface.
- CVE‑2026‑20180 / CVE‑2026‑20186 (CVSS 9.9) – An attacker holding valid read‑only administrator credentials can run arbitrary OS commands on ISE by sending malformed HTTP payloads, so the read‑only role provides no meaningful containment.
- No public evidence of active exploitation at time of disclosure.
Source: SecurityAffairs – Cisco fixed four critical flaws in Identity Services and Webex