Cisco has released security updates to fix a medium-severity flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a public proof-of-concept exploit surfaced. The vulnerability, tracked as CVE-2026-20029 with a CVSS score of 4.9, affects the licensing feature and could allow an authenticated remote attacker with administrative privileges to access sensitive information.
“This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC,” Cisco said in a Wednesday advisory. “An attacker could exploit this vulnerability by uploading a malicious file to the application.” If exploited, the flaw could allow an attacker with valid administrative credentials to read arbitrary files on the underlying operating system that should normally be off-limits even to administrators. The flaw was discovered by a security researcher from a zero-day initiative. Releases earlier than 3.2 are affected and must be migrated to a fixed release; Release 3.2 requires Patch 8, Release 3.3 requires Patch 8, and Release 3.4 requires Patch 4. Release 3.5 is not vulnerable. Cisco noted that there are no workarounds and that it is aware of available PoC exploit code but has not seen evidence of attacks in the wild.
In addition to the ISE vulnerability, Cisco patched two medium-severity flaws in the Snort 3 Detection Engine related to processing Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests. These issues could allow an unauthenticated remote attacker to either leak sensitive data or cause a system restart, affecting availability. CVE-2026-20026, with a CVSS score of 5.8, is a denial-of-service vulnerability, and CVE-2026-20027, with a CVSS score of 5.3, allows information disclosure. Both were reported by a Trend Micro researcher.
These Snort 3 issues affect multiple Cisco products, including Cisco Secure Firewall Threat Defense Software when Snort 3 is configured, Cisco IOS XE Software and Cisco Meraki software. With Cisco products often targeted by attackers, users are strongly advised to update to the latest versions to ensure protection. Timely updates remain the best defense against potential exploitation of these flaws.



