Cisco has released security patches for its Identity Services Engine (ISE) after discovering a vulnerability that could allow attackers with admin privileges to access sensitive data. A proof-of-concept exploit is publicly available, emphasizing the importance of timely updates. #CVE-2026-20029 #CiscoISE #UAT-9686
Key points
- Cisco patched a critical vulnerability in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC).
- The flaw involves improper XML parsing, which could allow attackers with admin privileges to access sensitive files.
- Proof-of-concept exploit code is available online, raising the risk of abuse.
- Cisco recommends upgrading to fixed software versions, as workarounds are temporary solutions.
- Multiple vulnerabilities in Cisco IOS XE were also addressed, though no active exploits were observed.