Cisco has patched serious flaws in Identity Services Engine (ISE), the platform many organizations use to control who and what connects to their network. The most severe is a critical remote-code-execution bug that can give an attacker root-level control of the appliance. A second flaw, CVE-2026-20190, is an unauthenticated information-disclosure issue caused by weak authorization checks, letting a remote attacker pull sensitive data, including hashed credentials, that could fuel follow-on attacks and lateral movement. All versions of ISE and ISE-PIC are affected, though which flaws apply varies by release. Cisco has not reported active exploitation, but ISE sits at the heart of network access control.