PT-2026-2048 · Cisco · Cisco Identity Services Engine+1
Bobby Gould · Published 2026-01-07 · Updated 2026-02-21
CVE-2026-20029
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Identity Services Engine versions prior to 3.2 Patch 8
Cisco ISE Passive Identity Connector versions prior to 3.2 Patch 8
Cisco Identity Services Engine versions prior to 3.3 Patch 8
Cisco ISE Passive Identity Connector versions prior to 3.3 Patch 8
Cisco Identity Services Engine versions prior to 3.4 Patch 4
Cisco ISE Passive Identity Connector versions prior to 3.4 Patch 4
Cisco Identity Services Engine version 3.5 and later
Description
The issue is an XML External Entity (XXE) processing flaw in the licensing feature of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It is due to improper parsing of XML processed by the web-based management interface; the vulnerable component is the XML parser used in the licensing feature. An authenticated attacker with administrative privileges can upload a malicious file, potentially enabling them to read arbitrary files from the underlying operating system. This could expose sensitive data, including credentials and configurations. Public proof-of-concept (PoC) exploit code is available, which increases the risk of exploitation. There have been no reported real-world exploits at this time. The API endpoints involved are not explicitly mentioned.
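The parsing weakness described above can be guarded against at the point where an uploaded XML file is read. The following is an added example, not Cisco's code or fix and not part of this advisory: a Python check that refuses any upload declaring a DOCTYPE or entity before anything is expanded or resolved. The function names, the `license`/`feature` elements and the placeholder path are assumptions, since the real license file format is not given here.

```python
import xml.parsers.expat


class UnsafeXml(ValueError):
    """Uploaded XML declares a DTD or entity and must not be processed."""


def parse_upload(data: bytes) -> list:
    """Parse XML strictly and return element names in document order.

    Raises UnsafeXml before any entity can be expanded or resolved.
    """
    parser = xml.parsers.expat.ParserCreate()
    names = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE declared for root {name!r}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id else "internal"
        raise UnsafeXml(f"{kind} entity {name!r} declared")

    def on_external_ref(context, base, system_id, public_id):
        raise UnsafeXml(f"external entity reference to {system_id!r}")

    # A handler that raises aborts Parse() and the exception reaches the caller.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def triage(data: bytes) -> str:
    """Return 'accept' or a 'reject: ...' reason suitable for an audit log."""
    try:
        parse_upload(data)
    except UnsafeXml as exc:
        return f"reject: {exc}"
    except xml.parsers.expat.ExpatError as exc:
        return f"reject: malformed XML ({exc})"
    return "accept"


# Constructed samples: element names and the path are placeholders.
BENIGN = b"<license><feature>base</feature></license>"
WITH_ENTITY = (b'<!DOCTYPE license [<!ENTITY e SYSTEM "file:///placeholder/path">]>'
               b"<license><feature>&e;</feature></license>")
```

Logging the `reject:` reason for every refused upload also gives a detection signal for attempts against unpatched systems.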
Recommendations
Upgrade Cisco Identity Services Engine to version 3.2 Patch 8 or later.
Upgrade Cisco ISE Passive Identity Connector to version 3.2 Patch 8 or later.
Upgrade Cisco Identity Services Engine to version 3.3 Patch 8 or later.
Upgrade Cisco ISE Passive Identity Connector to version 3.3 Patch 8 or later.
Upgrade Cisco Identity Services Engine to version 3.4 Patch 4 or later.
Upgrade Cisco ISE Passive Identity Connector to version 3.4 Patch 4 or later.
If using version 3.5 or later, no action is required.
Fix
XXE
Weakness Enumeration
Related Identifiers
Affected Products
Cisco ISE Passive Identity Connector
Cisco Identity Services Engine