Cisco ISE and ISE-PIC XML parsing arbitrary file read security flaw (CVE-2026-20029)
Vulnerability
Summary
Cisco has patched CVE-2026-20029 in ISE and ISE-PIC, closing an XML parsing flaw that could let an attacker with valid administrative credentials read arbitrary files from unpatched systems. Public proof-of-concept exploit code is already available, which raises the risk for exposed deployments. Cisco said it saw no active exploitation, but it strongly recommends upgrading to the fixed software to avoid future exposure.
Related Happenings
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/Mitigation
First: 20.05.2026 01:25
Last: 20.05.2026 01:25
Sources 1
About this happening:
**HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation Wave
First: 17.05.2026 14:57
Last: 17.05.2026 14:57
Sources 1
About this happening:
**openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation
Security Tool/Service
First: 12.05.2026 09:55
Last: 12.05.2026 09:55
Sources 1
About this happening:
OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
Langflow CVE-2026-33017 exploitation wave
Exploitation Wave
First: 20.03.2026 12:20
Last: 20.03.2026 12:20
Sources 1
About this happening:
**CVE-2026-33017** in **Langflow** is being exploited in a fast-moving **early wave** that surfaced within **20 hours** of the advisory, putting exposed instances at immediate ris...
Timeline
- 08.01.2026 11:13 · 2 articles
Cisco discloses CVE-2026-20029 in ISE and ISE-PIC
Initial Disclosure: Cisco patched CVE-2026-20029 in Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC), a flaw in the web-based management interface’s XML parsing that can let an attacker with valid administrative credentials upload a malicious file and read arbitrary files from the underlying operating system on unpatched devices, including sensitive data that should otherwise be inaccessible even to administrators. Cisco PSIRT said it found no evidence of active exploitation but warned that public proof-of-concept exploit code is available, and it urged customers to move to the fixed releases rather than rely on temporary workarounds or mitigations.
Sources:
- Cisco warns of Identity Service Engine flaw with exploit code — www.bleepingcomputer.com — 08.01.2026 11:13
- Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release — thehackernews.com — 08.01.2026 12:44