Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability (CVE-2026-20029)

Cisco released a security advisory to address a medium-severity vulnerability impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2026-20029, the vulnerability may allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.

Cisco mentioned in their advisory that “Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability.”

Cisco Identity Services Engine (ISE) is a network security system that helps ensure that only trusted users and devices can access resources on a network. ISE is a standard policy engine that enables endpoint access control and network device administration.

Vulnerability Details

This vulnerability originates from improper parsing of XML processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. Upon successful exploitation, an attacker could read arbitrary files from the underlying operating system, including sensitive data. To exploit this vulnerability, the attacker must have valid administrative credentials.
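The vulnerability class described above (an XML parser that honours external entity declarations in uploaded files) is usually closed by refusing DTD features before parsing. As an added example that is not Cisco's or Qualys's code, the following Python parser built on the standard library's expat bindings rejects any DOCTYPE or external entity reference and only then extracts element text; the element names and the file path in the test documents are constructed placeholders.

```python
import xml.parsers.expat as expat


class UnsafeXmlError(ValueError):
    """Raised when an uploaded document uses DTD features we never accept."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse uploaded XML without resolving any entity.

    Any DOCTYPE is refused, so a document cannot declare an external entity
    pointing at a local file (the XXE read above) or an entity bomb.
    Returns a flat {element: text} map of leaf elements.
    """
    parser = expat.ParserCreate()
    leaves: dict = {}
    stack: list = []  # entries: [tag, text parts, has_child_elements]

    def start(tag, attrs):
        if stack:
            stack[-1][2] = True
        stack.append([tag, [], False])

    def chars(text):
        stack[-1][1].append(text)

    def end(tag):
        name, parts, has_children = stack.pop()
        if not has_children:
            leaves[name] = "".join(parts).strip()

    def doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any <!ENTITY> inside the DTD is processed.
        raise UnsafeXmlError(f"DOCTYPE {name!r} is not allowed in uploads")

    def external_entity(context, base, system_id, public_id):
        # Defence in depth: never fetch system_id, abort instead.
        raise UnsafeXmlError(f"external entity {system_id!r} refused")

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.StartDoctypeDeclHandler = doctype
    parser.ExternalEntityRefHandler = external_entity
    parser.Parse(data, True)
    return leaves


def is_safe_upload(data: bytes) -> bool:
    """True if the document parses cleanly, False if rejected or malformed."""
    try:
        parse_untrusted_xml(data)
        return True
    except (UnsafeXmlError, expat.ExpatError):
        return False


# Constructed inputs (not taken from the advisory or any real ISE export).
BENIGN = (b'<?xml version="1.0"?><endpointList><endpoint><mac>AA:BB:CC:DD:EE:FF'
          b'</mac><group>Printers</group></endpoint></endpointList>')
XXE = (b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY ext SYSTEM '
       b'"file:///PLACEHOLDER-PATH">]><d>&ext;</d>')
```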

Affected and Patched Versions

| Cisco ISE or ISE-PIC Release | First Fixed Release |
| --- | --- |
| Earlier than 3.2 | Migrate to a fixed release. |
| 3.2 | 3.2 Patch 8 |
| 3.3 | 3.3 Patch 8 |
| 3.4 | 3.4 Patch 4 |
| 3.5 | Not vulnerable. |

For more information, please refer to Cisco Security Advisory (cisco-sa-ise-xxe-jWSbSDKt).

Qualys Detection

Qualys customers can scan their devices with QID 317753 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-jWSbSDKt