Cisco Identity Services: CVE-2026-20184 SSO Validation Fail & RCE

AppSec_Jordan 4/16/2026

Just saw the drop on The Hacker News regarding the latest Cisco patch Tuesday. The headline grabber is definitely CVE-2026-20184 in Cisco Identity Services Engine (ISE).

We're looking at a CVSS 9.8 here because of improper certificate validation during SSO integration. The implication is pretty severe: if your SSO integration is vulnerable, an attacker could theoretically execute arbitrary code or, even worse, fully impersonate any user within the service context.

For those running ISE, this bypasses the whole point of a centralized IdP. It’s a classic case of trusting the input without verifying the chain. If you want to verify the integrity of your SSL connections to the SSO endpoint while you wait to patch, you can run a quick sanity check using Python to ensure strict hostname matching is actually happening (which the patch enforces):

import ssl
import socket

def check_cert_validation(hostname, port=443):
    # create_default_context() already sets check_hostname=True and
    # verify_mode=CERT_REQUIRED against the system trust store; the
    # explicit assignment below just makes the strict setting visible.
    context = ssl.create_default_context()
    # Ensure strict checking
    context.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((hostname, port)) as sock:
            # server_hostname is what the SAN/CN is matched against
            with context.wrap_socket(sock, server_hostname=hostname) as ssock:
                cert = ssock.getpeercert()
                return True, cert
    except ssl.SSLCertVerificationError as e:
        # chain or hostname mismatch: this is the failure we care about
        return False, "certificate verification failed: " + str(e)
    except Exception as e:
        # connection or other TLS errors
        return False, str(e)

# Replace with your ISE SSO URL
print(check_cert_validation("ise-sso.internal.local"))

Also, keep an eye on Webex Services—there are additional critical flaws there, though the ISE one feels the most dangerous for internal network security.

For the sysadmins here: How are you handling the ISE patch cycle? Do you typically stand up a secondary node to test before rolling to production, given how critical ISE is for network access?

Crypto_Miner_Watch_Pat 4/16/2026

ISE patching is always a headache. We usually spin up a temporary Policy Service Node (PSN) in our dev environment to validate that the posture policies don't break. A 9.8 CVSS makes this an emergency though, so we might skip the full regression test and go straight to a secondary node deployment in production.

RedTeam_Carlos 4/16/2026

This reminds me of the old SAML signature validation bugs. If the cert isn't validated properly, you can just sign your own assertions or replay tokens. For testing, I'd recommend checking if you can intercept the SSO traffic and modify the certificate without breaking the session flow before patching.

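To make the "trusting the input without verifying the chain" point from the opening post and the self-signed-assertion scenario in the reply above concrete, here is an added example (not Cisco ISE code, not code from anyone in this thread). It models an SP-side assertion verifier twice: a vulnerable version that honors signing-key material carried inside the assertion itself (the same mistake as accepting an arbitrary cert or KeyInfo from the message instead of the configured IdP certificate), and a hardened version that pins the configured IdP key and also enforces issuer, audience, validity window and one-time use of the assertion ID to stop replay. HMAC-SHA256 stands in for the real XML-DSig/X.509 signature, and every issuer name, key and assertion below is constructed for the example.

```python
"""Illustrative SSO assertion verifier (added example, not Cisco ISE code).

HMAC-SHA256 is a stand-in for the XML-DSig / X.509 signature a real IdP
would produce; the structure of the checks is the point:
  1. verify the signature against the *configured* IdP key, never against
     key material carried inside the assertion;
  2. enforce issuer, audience and the validity window;
  3. accept each assertion ID once, so a captured assertion cannot be replayed.
All names, keys and assertions are constructed for this example.
"""
import hashlib
import hmac
import json
import time

# Constructed trust store: the single IdP this SP was configured with.
TRUSTED_IDP = {"issuer": "https://idp.example.test", "key": b"configured-idp-secret"}
EXPECTED_AUDIENCE = "https://ise.example.test/sso"


def _canonical(claims: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(claims: dict, key: bytes) -> dict:
    """Build an 'assertion': claims plus a detached signature over them."""
    sig = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "signature": sig}


def verify_vulnerable(assertion: dict) -> bool:
    """Vulnerable pattern: the verifier takes the signing key from the message
    (like honoring whatever cert/KeyInfo the assertion carries). An attacker
    signs with their own key, embeds it, and the check passes."""
    key = assertion["claims"].get("signing_key", "").encode()  # attacker-controlled
    expected = hmac.new(key, _canonical(assertion["claims"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["signature"])


class AssertionVerifier:
    """Hardened pattern: pinned IdP key, issuer/audience/time checks, replay cache."""

    def __init__(self, trusted_idp: dict, audience: str, now=time.time):
        self.trusted = trusted_idp
        self.audience = audience
        self.now = now              # injectable clock so the example is deterministic
        self._seen_ids = set()      # in-memory replay cache (a real SP would persist/TTL this)

    def verify(self, assertion: dict):
        claims = assertion["claims"]
        # 1. Signature against the configured key only; ignore anything in the message.
        expected = hmac.new(self.trusted["key"], _canonical(claims), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion.get("signature", "")):
            return False, "bad signature"
        # 2. Issuer, audience and validity window.
        if claims.get("issuer") != self.trusted["issuer"]:
            return False, "unexpected issuer"
        if claims.get("audience") != self.audience:
            return False, "wrong audience"
        now = self.now()
        if not (claims.get("not_before", 0) <= now < claims.get("not_on_or_after", 0)):
            return False, "outside validity window"
        # 3. One-time use of the assertion ID (checked last, so only valid IDs are recorded).
        aid = claims.get("id")
        if not aid or aid in self._seen_ids:
            return False, "replayed or missing assertion id"
        self._seen_ids.add(aid)
        return True, claims["subject"]


def demo() -> dict:
    """Run a forged and a legitimate assertion through both verifiers."""
    now = 1_700_000_000  # fixed clock for the example
    base = {"issuer": TRUSTED_IDP["issuer"], "audience": EXPECTED_AUDIENCE,
            "not_before": now - 60, "not_on_or_after": now + 300}
    legit = sign_assertion({**base, "id": "_a1", "subject": "alice"}, TRUSTED_IDP["key"])
    # Attacker signs an admin assertion with a key they chose and ships the key along.
    forged = sign_assertion({**base, "id": "_a2", "subject": "admin",
                             "signing_key": "attacker-key"}, b"attacker-key")
    verifier = AssertionVerifier(TRUSTED_IDP, EXPECTED_AUDIENCE, now=lambda: now)
    return {
        "vuln_accepts_forgery": verify_vulnerable(forged),   # True: the bug
        "fixed_rejects_forgery": verifier.verify(forged)[0],  # False
        "fixed_accepts_legit": verifier.verify(legit)[0],     # True
        "fixed_rejects_replay": verifier.verify(legit)[0],    # False: same ID twice
    }


if __name__ == "__main__":
    print(demo())
```

The replay check sits after the signature and time checks on purpose: recording IDs from assertions that fail earlier checks would let an attacker pollute the cache with IDs of legitimate assertions they captured but could not validly present.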
CloudOps_Tyler 4/16/2026

We're pushing a KQL rule to watch for successful ISE logins that don't have the corresponding MFA events, or logins from unusual endpoints right after an SSO handshake failure.

CiscoISE
| where TimeGenerated > ago(24h)
| where EventID == 52000 // Login success
| summarize count() by SrcIP, UserName

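The two conditions described in the reply above (a successful login with no corresponding MFA event, and a login from an unfamiliar endpoint right after an SSO handshake failure) are easy to prototype outside Sentinel before committing to a KQL rule. The following is an added example in Python, not the poster's rule and not any Cisco or Sentinel parser: the log format, the table of known endpoints and the time windows are all constructed for the example, and a real deployment would map them onto the actual ISE syslog fields.

```python
"""Added example: correlate SSO login events to flag suspicious successes.
The log format below is constructed for this example and is NOT the real
Cisco ISE syslog format; adapt the regex to the fields your collector emits.
"""
import re
from datetime import datetime, timedelta

# Constructed sample lines: bob logs in from an unknown address 20 s after a
# handshake failure and never completes MFA; alice is normal; carol skips MFA.
SAMPLE_LOG = """\
2026-04-16T09:00:00Z SSO_HANDSHAKE_FAILURE user=bob src=203.0.113.7
2026-04-16T09:00:20Z LOGIN_SUCCESS user=bob src=203.0.113.7
2026-04-16T09:05:00Z MFA_SUCCESS user=alice src=10.0.0.5
2026-04-16T09:05:03Z LOGIN_SUCCESS user=alice src=10.0.0.5
2026-04-16T09:10:00Z LOGIN_SUCCESS user=carol src=10.0.0.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>[A-Z_]+) user=(?P<user>\S+) src=(?P<src>\S+)")

# Constructed baseline of endpoints each user normally authenticates from.
KNOWN_ENDPOINTS = {"bob": {"10.0.0.7"}, "alice": {"10.0.0.5"}, "carol": {"10.0.0.9"}}
MFA_WINDOW = timedelta(minutes=5)      # MFA must precede the login within this window
FAILURE_WINDOW = timedelta(minutes=2)  # handshake failure shortly before the login


def parse_events(log_text: str) -> list:
    """Parse the constructed format into dicts and return them in time order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events: list, known_endpoints: dict,
           mfa_window: timedelta = MFA_WINDOW,
           failure_window: timedelta = FAILURE_WINDOW) -> list:
    """Return one alert per LOGIN_SUCCESS that matches either suspicious pattern."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["event"] != "LOGIN_SUCCESS":
            continue
        earlier = events[:i]  # list is time-sorted, so these all precede the login
        reasons = []

        # Pattern 1: no MFA_SUCCESS for this user within the preceding window.
        has_mfa = any(e["event"] == "MFA_SUCCESS" and e["user"] == ev["user"]
                      and ev["ts"] - e["ts"] <= mfa_window for e in earlier)
        if not has_mfa:
            reasons.append("no_mfa_before_login")

        # Pattern 2: handshake failure (same user or same source) shortly before,
        # and the login comes from an endpoint not in the user's baseline.
        recent_failure = any(e["event"] == "SSO_HANDSHAKE_FAILURE"
                             and (e["user"] == ev["user"] or e["src"] == ev["src"])
                             and ev["ts"] - e["ts"] <= failure_window for e in earlier)
        if recent_failure and ev["src"] not in known_endpoints.get(ev["user"], set()):
            reasons.append("unknown_endpoint_after_sso_failure")

        if reasons:
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "ts": ev["ts"].isoformat(), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG), KNOWN_ENDPOINTS):
        print(alert)
```

Running it on the constructed lines yields two alerts: bob's login fires on both conditions, carol's only on the missing MFA, and alice's login is quiet because her MFA event landed three seconds earlier from her usual endpoint. The same two joins (login to preceding MFA, login to preceding handshake failure plus an endpoint baseline) are what the eventual KQL would express with time-windowed joins or materialized baselines.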
Thread Stats

Created: 4/16/2026
Last Active: 4/16/2026
Replies: 3
Views: 183