Patch Cisco ISE bug now before attackers abuse proof-of-concept exploit


Cisco patched a bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that allows remote attackers with admin-level privileges to access sensitive information, and warned that a public proof-of-concept exploit for the flaw exists online.

ISE is Cisco's network access control and security policy platform, and companies use it to centrally manage and enforce security policies across users and devices.

The bug, tracked as CVE-2026-20029, received a medium-severity CVSS rating of 4.9 and affects ISE and ISE-PIC regardless of device configuration. It stems from improper parsing of XML processed by the web-based management interface of ISE and ISE-PIC.

"An attacker could exploit this vulnerability by uploading a malicious file to the application," according to the Wednesday security advisory. "A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be ...


Copyright of this story solely belongs to theregister.co.uk.