- CVE-2026-20029 in Cisco ISE/ISE-PIC allows arbitrary file reads via malicious XML uploads
- Mining requires valid administrator credentials; no workaround exists: the fix is the only fix
- PoC exploit available; Past ISE Breaches Show Attackers Actively Targeting Corporate Network Access Controls
Cisco fixed a medium severity vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), for which there is a proof of concept (PoC) exploit.
In a security advisory published by Cisco, the networking giant said the bug was caused by incorrect parsing of XML processed by the web management interface of the affected tools.
The bug, tracked as CVE-2026-20029 and assigned a severity score of 4.9/10 (medium), allows an unauthenticated, remote attacker with administrative privileges to access sensitive information.
Fixes and workarounds
By uploading a malicious file to the application, an attacker could be allowed to read arbitrary files from the underlying operating system, thereby accessing sensitive and private information. To exploit the vulnerability, the malicious actor must have valid administrator credentials.
There is no workaround for this vulnerability, Cisco warned, and the only way to fix the problem is to patch applications. Different versions have different fixes, so make sure you apply the correct one:
Before 3.2 – Migrate to a fixed version
3.2- 3.2 Update 8
3.3- 3.3 Update 8
3.4- 3.4 Update 4
3.5 – Not vulnerable
Although the networking giant said there was no evidence that the vulnerability was being actively exploited in the wild, it did say that proof-of-concept code was available. In other words, it’s only a matter of time before an organization loses sensitive files due to this bug.
Cisco Identity Services Engine (ISE) is most often used in medium to large enterprise environments where organizations need centralized control over who and what can access their networks. As such, it is a popular target for cybercriminals.
In November 2025, “sophisticated” threat actors were found to be using a 10/10 Zero Day in ISE to deploy custom backdoor malware.
In June 2025, Cisco fixed three bugs in ISE and the Customer Collaboration Platform, including a critical severity issue with a public proof-of-concept exploit.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
