CVE-2026-20029

MEDIUM EXPLOITED

Cisco Identity Services Engine Software - Authenticated XML External Entity Injection via Malicious File Upload

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2026-20029 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.  This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.

References (1)

Core 1

Scores

CVSS v3 4.9
EPSS 0.0564
EPSS Percentile 91.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2026-02-24
CWE
CWE-611
Status published
Products (31)
Cisco/Cisco Identity Services Engine Software 3.1.0
Cisco/Cisco Identity Services Engine Software 3.1.0 p1
Cisco/Cisco Identity Services Engine Software 3.1.0 p10
Cisco/Cisco Identity Services Engine Software 3.1.0 p2
Cisco/Cisco Identity Services Engine Software 3.1.0 p3
Cisco/Cisco Identity Services Engine Software 3.1.0 p4
Cisco/Cisco Identity Services Engine Software 3.1.0 p5
Cisco/Cisco Identity Services Engine Software 3.1.0 p6
Cisco/Cisco Identity Services Engine Software 3.1.0 p7
Cisco/Cisco Identity Services Engine Software 3.1.0 p8
... and 21 more
Published Jan 07, 2026
Tracked Since Feb 18, 2026