Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco ISE and ISE-PIC XML parsing arbitrary file read security flaw (CVE-2026-20029)

Vulnerability
First reported
Last updated
Happening score
H score 43
2 unique sources, 2 articles

Summary

Hide ▲

Cisco has patched CVE-2026-20029 in ISE and ISE-PIC, closing an XML parsing flaw that could let an attacker with valid administrative credentials read arbitrary files from unpatched systems. Public proof-of-concept exploit code is already available, which raises the risk for exposed deployments. Cisco said it saw no active exploitation, but it strongly recommends upgrading to the fixed software to avoid future exposure.

Related Happenings

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
H score25 First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
H score46 First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation

Security Tool/Service
H score25 First: 12.05.2026 09:55 Last: 12.05.2026 09:55 Sources 1

About this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
H score79 First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

Langflow CVE-2026-33017 exploitation wave

Exploitation Wave
H score50 First: 20.03.2026 12:20 Last: 20.03.2026 12:20 Sources 1

About this happening: **CVE-2026-33017** in **Langflow** is being exploited in a **wider exploitation wave** that now includes **Monero miner** delivery against **exposed AI application endpoints**. Th...

Timeline

  1. 08.01.2026 11:13 2 articles · 6mo ago

    Cisco discloses CVE-2026-20029 in ISE and ISE-PIC

    Initial Disclosure

    Cisco patched CVE-2026-20029 in Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC), a flaw in the web-based management interface’s XML parsing that can let an attacker with valid administrative credentials upload a malicious file and read arbitrary files from the underlying operating system on unpatched devices, including sensitive data that should otherwise be inaccessible even to administrators. Cisco PSIRT said it found no evidence of active exploitation but warned that public proof-of-concept exploit code is available, and it urged customers to move to the fixed releases rather than rely on temporary workarounds or mitigations.

    Show sources