Critical Vulnerabilities Patched in Cisco Identity Services and Webex
**Cisco** has released patches addressing four critical security vulnerabilities affecting Identity Services Engine (ISE) and Webex Services. These flaws could allow for arbitrary code execution and unauthorized user impersonation, posing significant risks to network security.

**Cisco** has announced patches to address four critical security flaws impacting Identity Services Engine (ISE) and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
### Vulnerability Details
The vulnerabilities patched are:
* **CVE-2026-20184** (CVSS score: 9.8) - An improper certificate validation in the integration of single sign-on (SSO) with Control Hub in Webex Services. This could allow an unauthenticated, remote attacker to impersonate any user within the service and gain unauthorized access to legitimate **Cisco Webex** services.
* **CVE-2026-20147** (CVSS score: 9.9) - An insufficient validation of user-supplied input vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). This could allow an authenticated, remote attacker in possession of valid administrative credentials to achieve remote code execution by sending crafted HTTP requests.
* **CVE-2026-20180** and **CVE-2026-20186** (CVSS scores: 9.9) - Multiple insufficient validation of user-supplied input vulnerabilities in ISE. This could allow an authenticated, remote attacker in possession of read-only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests.
According to **Cisco**, a successful exploit of **CVE-2026-20147**, **CVE-2026-20180**, and **CVE-2026-20186** could grant an attacker user-level access to the underlying operating system and the ability to escalate privileges to root.
Furthermore, in single-node ISE deployments, successful exploitation could lead to a denial-of-service (DoS) condition, preventing endpoints from authenticating until the node is restored.
### Remediation
**CVE-2026-20184** requires no customer action as it's cloud-based. However, customers using SSO are advised to upload a new identity provider (IdP) SAML certificate to Control Hub. Instructions can be found [here](https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#task_394598AFBCD3D73A488E6DBB99AD3214).
The remaining vulnerabilities have been addressed in the following **Cisco ISE** versions:
* **CVE-2026-20147**
    * **Cisco ISE** or ISE-PIC Release earlier than 3.1: Migrate to a fixed release
    * **Cisco ISE** Release 3.1: 3.1 Patch 11
    * **Cisco ISE** Release 3.2: 3.2 Patch 10
    * **Cisco ISE** Release 3.3: 3.3 Patch 11
    * **Cisco ISE** Release 3.4: 3.4 Patch 6
    * **Cisco ISE** Release 3.5: 3.5 Patch 3
* **CVE-2026-20180** and **CVE-2026-20186**
    * **Cisco ISE** Release earlier than 3.2: Migrate to a fixed release
    * **Cisco ISE** Release 3.2: 3.2 Patch 8
    * **Cisco ISE** Release 3.3: 3.3 Patch 8
    * **Cisco ISE** Release 3.4: 3.4 Patch 4
    * **Cisco ISE** Release 3.5: Not Vulnerable
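
Because the two CVE groups have different minimum patch levels per release, a node can be fixed for one group and still exposed to the other. The following is an added example (not Cisco tooling, and not part of the original article) that checks an inventory against the fixed releases listed above; the `3.2 Patch 9` version-string format and the host names are assumptions made for illustration.

```python
import re

NOT_VULNERABLE = "not-vulnerable"

# Fixed-release matrix transcribed from the list above.
# "floor" is the oldest release with a patch; anything older must migrate.
FIXED = {
    "CVE-2026-20147": {
        "floor": (3, 1),
        "patch": {(3, 1): 11, (3, 2): 10, (3, 3): 11, (3, 4): 6, (3, 5): 3},
    },
    "CVE-2026-20180/CVE-2026-20186": {
        "floor": (3, 2),
        "patch": {(3, 2): 8, (3, 3): 8, (3, 4): 4, (3, 5): NOT_VULNERABLE},
    },
}

def parse_version(text):
    """Parse '3.2 Patch 9' or '3.5' (assumed format) into ((3, 2), 9)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\s+[Pp]atch\s+(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)

def outstanding(text):
    """Return {cve_group: required action} for fixes still missing."""
    release, patch = parse_version(text)
    findings = {}
    for cve, row in FIXED.items():
        if release < row["floor"]:
            findings[cve] = "migrate to a fixed release"
        elif release not in row["patch"]:
            # Releases the article does not list are never assumed safe.
            findings[cve] = "release not listed; check the vendor advisory"
        else:
            need = row["patch"][release]
            if need != NOT_VULNERABLE and patch < need:
                findings[cve] = f"install {release[0]}.{release[1]} Patch {need}"
    return findings

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    inventory = {"ise-lab-01": "3.2 Patch 9", "ise-lab-02": "3.5",
                 "ise-lab-03": "3.1 Patch 11"}
    for host, version in inventory.items():
        print(host, version, outstanding(version) or "up to date")
```
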
### Recommendations
While **Cisco** is not aware of any active exploitation of these vulnerabilities, it is crucial that users update their instances to the latest versions to ensure optimal protection against potential attacks.