PT-2026-60218 · Cisco · Cisco Ise Passive Identity Connector+1

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-20146

CVSS v3.1

5.5

Medium

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine versions prior to 3.3 Cisco Identity Services Engine versions 3.3 through 3.3 before Patch 12 Cisco Identity Services Engine versions 3.4 through 3.4 before Patch 7 Cisco Identity Services Engine versions 3.5 through 3.5 before Patch 4 Cisco ISE Passive Identity Connector (affected versions not specified)
Description An authenticated remote attacker with administrative credentials can perform path traversal attacks on the underlying operating system by sending a crafted HTTP request. This issue stems from improper validation of user-supplied input, which could allow the attacker to read or delete arbitrary sensitive files.
Recommendations Migrate deployments earlier than version 3.3 to a supported fixed release. Update to version 3.3 Patch 12 or apply the available hot patch. Update to version 3.4 Patch 7 or apply the available hot patch. Update to version 3.5 Patch 4 or apply the available hot patch.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-20146

Affected Products

Cisco Ise Passive Identity Connector
Identity Services Engine