Identity Services Engine vulnerability patched by Cisco after PoC exploit appeared
Summary
Cisco patched a medium-severity vulnerability (CVE-2026-20029) in Identity Services Engine and the Passive Identity Connector after proof-of-concept exploit code became available; Cisco reports the flaw stems from improper XML parsing and says applying vendor patches is the only remediation.
Content
Cisco published an advisory and released patches for a medium-severity vulnerability affecting Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The company said the bug is due to improper parsing of XML in the web-based management interface. The issue is tracked as CVE-2026-20029 with a severity score of 4.9/10. Cisco reported that proof-of-concept exploit code is publicly available but said it has seen no evidence of active exploitation.
What is known:
- Cisco released patches for the vulnerability affecting ISE and ISE-PIC (CVE-2026-20029).
- The flaw is related to improper XML parsing in the web management interface.
- Proof-of-concept exploit code is publicly available, while Cisco reports no confirmed active exploitation.
- Cisco says exploitation requires valid administrative credentials and that there are no workarounds; vendor patches are provided for different product versions.
Summary:
Cisco describes the issue as a medium-severity information-disclosure vulnerability and has published fixes for affected versions. The vendor states that applying the provided patches is the way to address the flaw; no details on additional follow-up actions were given.
