Cisco has released security updates to address a critical vulnerability (CVE-2026-20029) in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow privileged users to access sensitive system files through the Web Management Interface.

Affected Systems

The following Cisco products and versions are impacted:

• Cisco ISE / ISE-PIC versions prior to 3.2

• Cisco ISE / ISE-PIC 3.2 prior to Patch 8

• Cisco ISE / ISE-PIC 3.3 prior to Patch 8

• Cisco ISE / ISE-PIC 3.4 prior to Patch 4

Security Risks

Successful exploitation could allow attackers with administrative credentials to read arbitrary operating system files, exposing sensitive information; this risk is heightened by the public availability of proof-of-concept exploit code.

For the full list of security patches released by Cisco, please refer to Cisco Security Advisories.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends the following actions:

• Follow and put in place the security updates shared by Cisco to lower the risk of vulnerability exploitation.

• Apply the required and latest security updates as soon as possible.

 The released software versions for upgrade are:

• • • Cisco ISE / ISE-PIC 3.2 Patch 8

    • Cisco ISE / ISE-PIC 3.3 Patch 8

    • Cisco ISE / ISE-PIC 3.4 Patch 4

• Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability

• Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

• Cisco warns of Identity Service Engine flaw with exploit code