Cisco Identity Services Engine carries a two-CVE chain that enables an unauthenticated attacker to harvest credentials via path traversal, then use those credentials to achieve root-level OS code execution, with a confirmed unpatched window for the RCE component through August 2026 on ISE 3.5. ISE is the NAC platform enforcing network access policy across the enterprise; its compromise gives an attacker the ability to issue trusted certificates, bypass segmentation, and pivot freely. An unattributed APT exploited a different ISE zero-day as recently as November 2025, confirming the platform is an established high-value target.