Description
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. 

This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.
Published: 2026-01-07
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

The vulnerability is an XML External Entity (XXE) processing flaw in the licensing features of Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). An authenticated administrator can upload a crafted XML file to the web-based management interface, causing the server to process external entities and read arbitrary files from the underlying operating system. This can expose sensitive data that should not be accessible even to privileged users. The weakness corresponds to CWE-611.

Affected Systems

Affected vendors and products are Cisco Identity Services Engine Software and Cisco ISE Passive Identity Connector. Specific version information is not provided in the advisory.

Risk and Exploitability

The CVSS score is 4.9 (Medium), indicating moderate risk, while the EPSS score is below 1%, suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires network access to the web-based management interface and valid administrative credentials, so the attacker must first authenticate as an administrator; the CVSS 3.1 vector records this as attack vector Network with privileges required High.

Generated by OpenCVE AI on April 18, 2026 at 08:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Cisco's latest security update that addresses the XXE processing flaw for ISE and ISE-PIC.
  • Restrict XML file upload capability or enforce strict role-based access control so only trusted administrators can upload XML.
  • As an interim workaround, configure the application to disable external entity processing or validate uploaded XML against a schema to reject malicious content.
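The following is an added illustration of the two interim mitigations in the list above (refusing external entity processing and validating the structure of uploaded XML) and of the CWE-611 weakness described in the Impact section. It is example code written for this page, not Cisco's code or a description of how ISE parses licence files. It uses only the Python standard library's expat bindings; the licence-document layout (a `license` root with `product` and `expiry` children), the element allowlist and the sample inputs are all constructed assumptions, and the file path in the rejected sample is a placeholder.

```python
"""Hardened XML intake for an upload endpoint (added example, not Cisco code).

Every DTD-related callback aborts the parse, so an XXE payload (which needs a
DOCTYPE with an external entity) is refused before any entity could be
resolved; an element allowlist then acts as a lightweight stand-in for
schema validation.
"""
import xml.parsers.expat as expat

# Hypothetical licence-file layout; a real product's schema would differ.
ALLOWED_ELEMENTS = {"license", "product", "expiry"}
ROOT_ELEMENT = "license"


class UnsafeXMLError(ValueError):
    """Raised when an upload contains constructs the endpoint never needs."""


def parse_license_hardened(xml_bytes: bytes) -> dict:
    """Return {child_element: text} for a licence document, or raise.

    Rejects any DOCTYPE, any entity declaration, any external entity
    reference, parameter-entity expansion, and elements outside the allowlist.
    """
    parser = expat.ParserCreate()
    # Never fetch or expand parameter entities (blocks external DTD loading).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    # The weak configuration is a parser whose external-entity handler opens
    # whatever system ID the document names; here the same callbacks refuse.
    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE not permitted in uploads (got {name!r})")

    def reject_entity_decl(*_):
        raise UnsafeXMLError("entity declarations not permitted in uploads")

    def reject_external_ref(context, base, system_id, public_id):
        raise UnsafeXMLError(f"external entity reference refused: {system_id!r}")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_ref

    stack = []     # names of currently open elements
    buffers = []   # text collected for each open element
    fields = {}

    def start(name, attrs):
        if name not in ALLOWED_ELEMENTS:
            raise UnsafeXMLError(f"unexpected element {name!r}")
        if not stack and name != ROOT_ELEMENT:
            raise UnsafeXMLError(f"unexpected root element {name!r}")
        stack.append(name)
        buffers.append([])

    def chars(data):
        if buffers:
            buffers[-1].append(data)

    def end(name):
        text = "".join(buffers.pop()).strip()
        stack.pop()
        if len(stack) == 1:   # direct child of the root element
            fields[name] = text

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end

    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise UnsafeXMLError(f"malformed XML: {exc}") from None
    return fields


def is_acceptable_upload(xml_bytes: bytes) -> bool:
    """Accept/reject wrapper for a request handler."""
    try:
        parse_license_hardened(xml_bytes)
        return True
    except UnsafeXMLError:
        return False


# Constructed sample inputs for demonstration.
SAFE_DOC = b"""<?xml version="1.0"?>
<license><product>ISE</product><expiry>2027-01-01</expiry></license>"""

# Shape of a CWE-611 document: a DOCTYPE declaring an external entity that a
# resolving parser would read from disk. The path is a placeholder.
XXE_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE license [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">]>
<license><product>&ext;</product></license>"""

DOCTYPE_ONLY_DOC = b"<!DOCTYPE license><license><product>ISE</product></license>"

if __name__ == "__main__":
    print(parse_license_hardened(SAFE_DOC))
    for doc in (XXE_DOC, DOCTYPE_ONLY_DOC):
        print("accepted" if is_acceptable_upload(doc) else "rejected")
```

Refusing the DOCTYPE outright is the simplest policy for an upload endpoint that never legitimately needs a DTD; a product that does accept DTDs would instead keep the external-entity and parameter-entity restrictions and validate against its published schema.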


Advisories

No advisories yet.

History

Thu, 08 Jan 2026 10:00:00 +0000

Type: First Time appeared
  Values Added: Cisco; Cisco Identity Services Engine Passive Identity Connector; Cisco Identity Services Engine Software
Type: Vendors & Products
  Values Added: Cisco; Cisco Identity Services Engine Passive Identity Connector; Cisco Identity Services Engine Software

Wed, 07 Jan 2026 17:15:00 +0000

Type: Metrics
  Values Added: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 Jan 2026 16:30:00 +0000

Type: Description
  Values Added: A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.
Type: Title
  Values Added: Cisco Identity Services Engine XML External Entity Processing Information Disclosure Vulnerability
Type: Weaknesses
  Values Added: CWE-611
Type: References
Type: Metrics
  Values Added: cvssV3_1
  {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-01-07T16:40:58.555Z

Reserved: 2025-10-08T11:59:15.353Z

Link: CVE-2026-20029

Vulnrichment

Updated: 2026-01-07T16:40:47.153Z

NVD

Status : Deferred

Published: 2026-01-07T17:16:03.067

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-20029

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:15:15Z

Weaknesses