Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerabilities in Cisco ISE and Webex Services

17 April 2026

Cisco has released security updates to address multiple security vulnerabilities in two of its products: Identity Services Engine (ISE) and Webex Services. There are no indications that these vulnerabilities are being exploited in the wild when this alert is reported. However,successful exploitation of these vulnerabilities may result in gaining root access and remote code execution. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

Cisco has released security updates to address multiple security vulnerabilities in two of its products: Identity Services Engine (ISE) (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) and Webex Services (CVE-2026-20184). These vulnerabilities are caused by two main issues: insufficient validation of user input in ISE systems, and improper certificate validation in Webex Services' single sign-on (SSO) integration with Control Hub.

Impact

Successful exploitation of the vulnerabilities could allow: 

  • CVE-2026-20147 (CVSSv3.1: 9.9): An authenticated remote attacker in possession of valid administrative credentials to achieve remote code execution by sending crafted Hypertext Transfer Protocol (HTTP) requests.

  • CVE-2026-20180 and CVE-2026-20186 (CVSSv3.1: 9.9): An authenticated remote attacker in possession of read only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests.

  • CVE-2026-20184 (CVSSv3.1: 9.8): An unauthenticated remote attacker to impersonate any user within the service and gain unauthorised access to legitimate Cisco Webex services.

Affected Products

The following product versions are affected by the vulnerabilities.

For CVE-2026-20147:

  • All Cisco ISE versions 3.5 and below

For CVE-2026-20180 and CVE-2026-20186:

  • All Cisco ISE versions 3.4 and below

For CVE-2026-20184:

  • All Cisco Webex Services using SSO integration with Control Hub

Recommendation

Users and administrators of affected products are advised to update to the latest versions immediately. For additional details and guidance, please refer to Cisco’s official advisories.

References

https://thehackernews.com/2026/04/cisco-patches-four-critical-identity.html

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ#fs

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv#fs

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL#vp

https://nvd.nist.gov/vuln/detail/CVE-2026-20147

https://nvd.nist.gov/vuln/detail/CVE-2026-20180

https://nvd.nist.gov/vuln/detail/CVE-2026-20186

https://nvd.nist.gov/vuln/detail/CVE-2026-20184

Back to top