CVE-2026-20029

Severity
4.9 MEDIUM
EPSS
0.0%
top 85.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 7
Latest update: Jan 8

Description

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages
1 package

🔴Vulnerability Details

3
GHSA
GHSA-f26c-v5jj-mj89: A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an au (2026-01-07)
CVEList
Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability (2026-01-07)
VulnCheck
Cisco Identity Services Engine Improper Restriction of XML External Entity Reference (2026)

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability (2026-01-07)

🕵️Threat Intelligence

2
Bleepingcomputer
Cisco warns of Identity Service Engine flaw with exploit code (2026-01-08)
Wiz
CVE-2026-20029 Impact, Exploitability, and Mitigation Steps | Wiz