- CVE-2026-20029 in Cisco ISE/ISE-PIC allows arbitrary file reads via malicious XML uploads
- Exploitation requires valid admin credentials; no workarounds exist—patching is the only fix
- PoC exploit available; past ISE flaws show attackers actively target enterprise network access controls
Cisco has patched a medium-severity vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), for which there is a proof-of-concept (PoC) exploit.
In a security advisory published by Cisco, the network giant said the bug was due to improper parsing of XML that is processed by the web-based management interface of the affected tools.
The bug, tracked as CVE-2026-20029 and assigned a severity score of 4.9/10 (medium), allows an unauthenticated, remote attacker with administrative privileges to gain access to sensitive information.
Patches and workarounds
By uploading a malicious file to the application, an attacker could be allowed to read arbitrary files from the underlying operating system, accessing sensitive and private information. To exploit the vulnerability, the threat actor needs to have valid admin credentials.
There are no workarounds for the vulnerability, Cisco warned, and the only way to address the problem is to patch the applications. Different versions have different patches, so make sure to apply the correct one:
Earlier than 3.2 – Migrate to a fixed release
3.2- 3.2 Patch 8
3.3- 3.3 Patch 8
3.4- 3.4 Patch 4
3.5 – Not vulnerable
While the network giant said it saw no evidence of the vulnerability being actively exploited in the wild, it did say that proof-of-concept code is available. In other words – it is only a matter of time before we see an organization lose sensitive files through this bug.
Cisco Identity Services Engine (ISE) is most commonly used in medium to large enterprise environments where organizations need centralized control over who and what can access their networks. As such, it is a popular target among cybercriminals.
In November 2025, it was found that “sophisticated” threat actors were using a 10/10 zero-day in ISE to deploy custom backdoor malware.
In June 2025, Cisco patched three bugs in ISE and Customers Collaboration Platform, including a critical-severity issue with a public proof-of-concept exploit.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/pVCXKrhThqmUjYVSZBjV5Z-2560-80.jpg
Source link
