Cisco disclosed four critical vulnerabilities on April 16, 2026 affecting Identity Services Engine (ISE), ISE Passive Identity Connector (ISE-PIC), and Webex Services. The Webex SAML certificate validation flaw enables unauthenticated user impersonation and requires explicit customer action in Control Hub to fully remediate. The three ISE flaws enable authenticated attackers to escalate to root on network access control infrastructure.