Cisco patches XML parsing flaw in ISE and Snort 3 software
🔒 Cisco has issued updates to address a medium-severity XML parsing vulnerability (CVE-2026-20029, CVSS 4.9) in Identity Services Engine (ISE) and ISE Passive Identity Connector. The flaw in the licensing feature allows an authenticated administrator to upload a crafted file and read arbitrary files from the underlying operating system. Cisco lists specific fixed releases and patches (pre-3.2 must migrate; 3.2/3.3/3.4 have patches; 3.5 not vulnerable), reports no workaround, and acknowledges a public PoC while noting no known in-the-wild exploitation. The advisory also includes fixes for two Snort 3 DCE/RPC issues affecting multiple Cisco products.
