SecurityWeek reports that updates have been issued by Cisco to fix the medium-severity Identity Services Engine and ISE Passive Identity Connector flaw, tracked as CVE-2026-20029, following the release of a proof-of-concept exploit.Authenticated threat actors and admin privileges could remotely harness the vulnerability, which stems from improper XML parsing within Cisco ISE and ISE-PIC's web management interface, to read arbitrary files from the operating system that contain sensitive information that even administrators could not access, according to an advisory from Cisco.All Cisco ISE and ISE-PIC instances are affected by the issue, which was discovered by Trend Micro Zero Day Initiative's Bobby Gould. Despite the existence of a public PoC, no active exploitation of the flaw has been observed so far."The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory," said the report.
Vulnerability Management, Patch/Configuration Management
Cisco ISE, ISE-PIC flaw patched following PoC exploit release

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



