{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20136", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.381Z", "datePublished": "2026-04-15T16:11:29.398Z", "dateUpdated": "2026-04-16T03:55:30.918Z"}, "containers": {"cna": {"title": "Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB", "name": "cisco-sa-ise-cmd-inj-5WSJcYJB"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ise-cmd-inj-5WSJcYJB", "discovery": "EXTERNAL", "defects": ["CSCwp98770"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Encoding or Escaping of Output", "type": "cwe", "cweId": "CWE-116"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "3.1.0", "status": "affected"}, {"version": "3.1.0 p1", "status": "affected"}, {"version": "3.1.0 p3", "status": "affected"}, {"version": "3.1.0 p2", "status": "affected"}, {"version": "3.2.0", "status": "affected"}, {"version": "3.1.0 p4", "status": "affected"}, {"version": "3.1.0 p5", "status": "affected"}, {"version": "3.2.0 p1", "status": "affected"}, {"version": "3.1.0 p6", "status": "affected"}, {"version": "3.2.0 p2", "status": "affected"}, {"version": "3.1.0 p7", "status": "affected"}, {"version": "3.3.0", "status": "affected"}, {"version": "3.2.0 p3", "status": "affected"}, {"version": "3.2.0 p4", "status": "affected"}, {"version": "3.1.0 p8", "status": "affected"}, {"version": "3.2.0 p5", "status": "affected"}, {"version": "3.2.0 p6", "status": "affected"}, {"version": "3.1.0 p9", "status": "affected"}, {"version": "3.3 Patch 2", "status": "affected"}, {"version": "3.3 Patch 1", "status": "affected"}, {"version": "3.3 Patch 3", "status": "affected"}, {"version": "3.4.0", "status": "affected"}, {"version": "3.2.0 p7", "status": "affected"}, {"version": "3.3 Patch 4", "status": "affected"}, {"version": "3.4 Patch 1", "status": "affected"}, {"version": "3.1.0 p10", "status": "affected"}, {"version": "3.3 Patch 5", "status": "affected"}, {"version": "3.3 Patch 6", "status": "affected"}, {"version": "3.4 Patch 2", "status": "affected"}, {"version": "3.3 Patch 7", "status": "affected"}, {"version": "3.4 Patch 3", "status": "affected"}, {"version": "3.5.0", "status": "affected"}, {"version": "3.4 Patch 4", "status": "affected"}, {"version": "3.3 Patch 8", "status": "affected"}, {"version": "3.2 Patch 8", "status": "affected"}, {"version": "3.5 Patch 1", "status": "affected"}, {"version": "3.3 Patch 9", "status": "affected"}, {"version": "3.2 Patch 9", "status": "affected"}, {"version": "3.4 Patch 5", "status": "affected"}, {"version": "3.5 Patch 2", "status": "affected"}, {"version": "3.3 Patch 10", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:11:29.398Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-20136"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T03:55:30.918Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T16:41:18.256433Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:10.370Z"}}], "cna": {"title": "Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability", "source": {"defects": ["CSCwp98770"], "advisory": "cisco-sa-ise-cmd-inj-5WSJcYJB", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.1.0 p1"}, {"status": "affected", "version": "3.1.0 p3"}, {"status": "affected", "version": "3.1.0 p2"}, {"status": "affected", "version": "3.2.0"}, {"status": "affected", "version": "3.1.0 p4"}, {"status": "affected", "version": "3.1.0 p5"}, {"status": "affected", "version": "3.2.0 p1"}, {"status": "affected", "version": "3.1.0 p6"}, {"status": "affected", "version": "3.2.0 p2"}, {"status": "affected", "version": "3.1.0 p7"}, {"status": "affected", "version": "3.3.0"}, {"status": "affected", "version": "3.2.0 p3"}, {"status": "affected", "version": "3.2.0 p4"}, {"status": "affected", "version": "3.1.0 p8"}, {"status": "affected", "version": "3.2.0 p5"}, {"status": "affected", "version": "3.2.0 p6"}, {"status": "affected", "version": "3.1.0 p9"}, {"status": "affected", "version": "3.3 Patch 2"}, {"status": "affected", "version": "3.3 Patch 1"}, {"status": "affected", "version": "3.3 Patch 3"}, {"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.2.0 p7"}, {"status": "affected", "version": "3.3 Patch 4"}, {"status": "affected", "version": "3.4 Patch 1"}, {"status": "affected", "version": "3.1.0 p10"}, {"status": "affected", "version": "3.3 Patch 5"}, {"status": "affected", "version": "3.3 Patch 6"}, {"status": "affected", "version": "3.4 Patch 2"}, {"status": "affected", "version": "3.3 Patch 7"}, {"status": "affected", "version": "3.4 Patch 3"}, {"status": "affected", "version": "3.5.0"}, {"status": "affected", "version": "3.4 Patch 4"}, {"status": "affected", "version": "3.3 Patch 8"}, {"status": "affected", "version": "3.2 Patch 8"}, {"status": "affected", "version": "3.5 Patch 1"}, {"status": "affected", "version": "3.3 Patch 9"}, {"status": "affected", "version": "3.2 Patch 9"}, {"status": "affected", "version": "3.4 Patch 5"}, {"status": "affected", "version": "3.5 Patch 2"}, {"status": "affected", "version": "3.3 Patch 10"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB", "name": "cisco-sa-ise-cmd-inj-5WSJcYJB"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-116", "description": "Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:11:29.398Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20136", "state": "PUBLISHED", "dateUpdated": "2026-04-16T03:55:30.918Z", "dateReserved": "2025-10-08T11:59:15.381Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-04-15T16:11:29.398Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system."}], "id": "CVE-2026-20136", "lastModified": "2026-04-17T15:09:46.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-04-15T17:17:02.150", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.4.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2.0 p7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.4 Patch 1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0 p10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.4 Patch 2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.4 Patch 3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.5.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.4 Patch 4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2 Patch 8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.5 Patch 1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.2 Patch 9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.4 Patch 5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.5 Patch 2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.3 Patch 10"}}], "enrichment": {"confidence": 93.0, "confidence_source": "matching", "scores": [{"score": 93.0, "source": "matching"}]}, "original": {"product": "Cisco Identity Services Engine Software", "source": "cna", "vendor": "Cisco"}, "product": "identity_services_engine_software", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-04-16T02:31:41.194417+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch or upgrade to the latest Cisco ISE firmware that eliminates the command\u2011injection flaw.", "Restrict local CLI access to administrators with least\u2011privilege accounts and enforce account separation.", "Disable or limit the execution of the affected CLI command through configuration or access\u2011control policies."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Cisco Identity Services Engine Software and the Cisco ISE Passive Identity Connector. No specific version ranges are listed in the advisory, so any installation that includes the vulnerable CLI command is potentially affected. The issue applies to systems where local CLI access is granted to administrative accounts.", "description_and_impact": "The flaw is a command injection vulnerability in the command\u2011line interface of Cisco Identity Services Engine (ISE) and the ISE Passive Identity Connector. It is based on CWE\u2011116, indicating insufficient input validation that allows crafted user data to be executed by the underlying operating system. When successfully exploited, the attacker\u2019s privileges are raised to system root, granting full control of the host and the potential to move laterally across the network. Based on the description, it is inferred that the attack vector requires an authenticated, local administrator with CLI access. The advisory does not provide a direct exploitation pathway but indicates that the flaw can be triggered by supplying malicious input to a specific command.", "risk_and_exploitability": "The moderate CVSS score (6) combined with the absence of an EPSS value or KEV listing suggests the likelihood of active exploitation is uncertain. However, the vulnerability can be leveraged by anyone with authenticated local admin rights to inject shell commands that execute with root privilege, leading to a full system compromise. The exploitation vector is inferred from the description to be remote from the perspective of local access, but requires privileged user interaction."}}}}, "created": "2026-04-15T21:00:09.452976+00:00", "updated": "2026-04-16T02:45:06.075332+00:00", "vendors": ["cisco", "cisco$PRODUCT$identity_services_engine_software"]}