CyberSecurity News

Cisco ISE Vulnerability Allows Remote Data Access (PoC

Cisco ISE Vulnerability within its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allowed authenticated administrators to access sensitive server files. Dubbed...

Marcus Rodriguez
Marcus Rodriguez
January 8, 2026 2 Min Read
14 0

Cisco ISE Vulnerability within its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allowed authenticated administrators to access sensitive server files.

Dubbed CVE-2026-20029, the vulnerability stems from a flaw in XML parsing in the web management interface and is assigned a CVSS score yet to be finalized, but is flagged as high severity due to its potential for data exposure.

An attacker with valid admin credentials can upload a malicious XML file, tricking the system into reading arbitrary files from the underlying OS. This could leak secrets such as configuration data, credentials, or other information that is off-limits even to admins.

“Successful exploitation grants access to files that should remain hidden,” Cisco warned in its advisory, emphasizing that no workarounds exist.

All versions of Cisco ISE and ISE-PIC are vulnerable, regardless of configuration. The Cisco Product Security Incident Response Team (PSIRT) confirmed no other products are impacted. Proof-of-concept (PoC) exploit code is publicly available, but PSIRT reports no malicious attacks to date.

Zero Day Initiative researcher Bobby Gould at Trend Micro deserves credit for the discovery. Organizations relying on ISE for network access control, especially in enterprise or cloud environments, face increased risk if ISE is unpatched.

Patches and Upgrade for ISE Vulnerability

Cisco urges immediate upgrades. Here’s a breakdown of fixed releases:

Cisco ISE/ISE-PIC Release First Fixed Release
Earlier than 3.2 Migrate to a fixed release
3.2 3.2 Patch 8
3.3 3.3 Patch 8
3.4 3.4 Patch 4
3.5 Not vulnerable

Upgrade via Cisco’s ISE support page guides. PSIRT validates only listed releases.

ISE powers zero-trust architectures, making this XXE-style bug a nightmare for compliance-heavy sectors like finance and healthcare. Attackers could chain it with privilege escalation for deeper breaches. With PoC available, threat actors may weaponize it soon.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCVEExploitPatchSecurityThreatVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts