Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released.

The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative privileges to access sensitive information.

Vulnerability Details

Cisco explained that the issue arises due to improper XML parsing in the web-based management interface of ISE and ISE-PIC. An attacker could exploit this by uploading a malicious XML file to the application. Successful exploitation allows reading arbitrary files from the underlying operating system, including files that should normally be restricted even to administrators.
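The advisory describes the ISE bug only as improper XML parsing of an uploaded file that ends in arbitrary file reads. As an added illustration (not Cisco's code, and not taken from the advisory), the block below shows how an upload handler can refuse the XML constructs that typically enable such reads, DOCTYPE and entity declarations, before the document is ever parsed. It assumes the weakness is entity-based, which the advisory does not state, and uses a constructed license-style document with a placeholder path.

```python
# Added example: hardened parsing for an untrusted XML upload (Python stdlib only).
# Assumption (not stated in the advisory): the file-read path is entity-based,
# so the defence is to refuse DOCTYPE/entity constructs entirely.
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET

MAX_UPLOAD_BYTES = 64 * 1024  # constructed limit for a small license file


class UnsafeXMLError(ValueError):
    """Raised when the document uses constructs the upload handler disallows."""


def _reject(*_args):
    raise UnsafeXMLError("DOCTYPE, entity declarations and external entities are not allowed")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted upload, refusing any DTD or entity constructs.

    A first pass with expat aborts as soon as a DOCTYPE, entity declaration or
    external entity reference is seen, so nothing is ever resolved. Only a
    document that passes that pre-check is handed to ElementTree.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        raise UnsafeXMLError("upload exceeds size limit")
    pre = expat.ParserCreate()
    pre.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    pre.StartDoctypeDeclHandler = _reject
    pre.EntityDeclHandler = _reject
    pre.ExternalEntityRefHandler = _reject
    pre.Parse(data, True)
    return ET.fromstring(data)


def check_license_upload(data: bytes) -> tuple:
    """Return (accepted, detail): detail is the root tag on success, else the reason."""
    try:
        root = parse_untrusted_xml(data)
    except (UnsafeXMLError, expat.ExpatError, ET.ParseError) as exc:
        return False, str(exc)
    return True, root.tag


# Constructed sample inputs (not real Cisco license files).
BENIGN_LICENSE = b"<license><product>ISE</product><expiry>2027-01-01</expiry></license>"
HOSTILE_LICENSE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE license [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/restricted/file">]>'
    b"<license><product>&ext;</product></license>"
)

if __name__ == "__main__":
    print(check_license_upload(BENIGN_LICENSE))   # (True, 'license')
    print(check_license_upload(HOSTILE_LICENSE))  # (False, 'DOCTYPE, entity ... not allowed')
```

The same pre-check rejects a DOCTYPE with only an internal subset, which is deliberate: a license upload has no legitimate need for a DTD, so the allow-list is "plain elements only".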

Discovery: The flaw was reported by Bobby Gould of Trend Micro’s Zero Day Initiative.

Affected Versions:

  • ISE or ISE-PIC releases earlier than 3.2 – migrate to a fixed release
  • Release 3.2 – update to Patch 8
  • Release 3.3 – update to Patch 8
  • Release 3.4 – update to Patch 4
  • Release 3.5 – not vulnerable

Cisco confirmed that there are no workarounds. The company is aware of the PoC exploit but has received no reports of active exploitation in the wild.

Related Snort 3 Vulnerabilities

Alongside CVE-2026-20029, Cisco released fixes for two additional medium-severity vulnerabilities in Snort 3 related to Distributed Computing Environment Remote Procedure Call (DCE/RPC) processing:

  • CVE-2026-20026 (CVSS 5.8) – Denial-of-service vulnerability
  • CVE-2026-20027 (CVSS 5.3) – Information disclosure vulnerability

These flaws could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to leak sensitive information or restart, impacting availability.

Acknowledgment: Trend Micro researcher Guy Lederfein reported these Snort 3 issues.

Impacted Products:

  • Cisco Secure Firewall Threat Defense (FTD) if Snort 3 is configured
  • Cisco IOS XE Software
  • Cisco Meraki Software
