Cisco ISE Vulnerability Lets Remote Attacker Access Sensitive Data – Public PoC Available

By Guru Baran
Publication Date: 2026-01-08 11:48:00

Cisco has patched a critical flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that lets authenticated administrators snoop on sensitive server files.

Tracked as CVE-2026-20029, the vulnerability stems from a flaw in XML parsing in the web management interface. Its CVSS score has yet to be finalized, but it is flagged as high severity due to its potential for data exposure.

An attacker with valid admin credentials can upload a malicious XML file, tricking the system into reading arbitrary files from the underlying OS. This could leak secrets such as configuration data, credentials, or other information that is off-limits even to admins.

“Successful exploitation grants access to files that should remain hidden,” Cisco warned in its advisory, emphasizing that no workarounds exist.

All versions of Cisco ISE and ISE-PIC are vulnerable, regardless of configuration. The Cisco Product Security Incident…