By Sead Fadilpašić
Publication Date: 2026-01-08 16:40:00
- CVE-2026-20029 in Cisco ISE/ISE-PIC allows arbitrary file reads via malicious XML uploads
- Exploitation requires valid admin credentials; no workarounds exist—patching is the only fix
- PoC exploit available; past ISE flaws show attackers actively target enterprise network access controls
Cisco has patched a medium-severity vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), for which there is a proof-of-concept (PoC) exploit.
In a security advisory published by Cisco, the network giant said the bug was due to improper parsing of XML that is processed by the web-based management interface of the affected tools.
The bug, tracked as CVE-2026-20029 and assigned a severity score of 4.9/10 (medium), allows an authenticated, remote attacker with administrative privileges to gain access to sensitive information.
Patches and workarounds
By uploading a malicious file to the application, an attacker could be allowed to read arbitrary…

