CVE-2026-20148
Path Traversal in Cisco ISE Allows Arbitrary File Access
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ise | 3.1 |
| cisco | ise | 3.2 |
| cisco | ise | 3.3 |
| cisco | ise | 3.4 |
| cisco | ise | 3.5 |
| cisco | ise | * |
| cisco | ise-pic | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20148 is a path traversal vulnerability affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It allows an authenticated remote attacker with valid administrative credentials to send specially crafted HTTP requests that exploit improper validation of user-supplied input.
By exploiting this vulnerability, the attacker can perform path traversal attacks on the underlying operating system, enabling them to read arbitrary files on the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authenticated attacker with administrative credentials to perform path traversal attacks and read arbitrary files on the affected system. Such unauthorized access to sensitive files could potentially lead to exposure of personal or protected data.
Because the vulnerability enables access to sensitive information, it could impact compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding sensitive and personal data against unauthorized access.
However, the provided information does not explicitly discuss compliance implications or specific regulatory impacts.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated attacker to access sensitive files on your system without authorization. Since the attacker must have valid administrative credentials, the risk involves misuse of privileged access.
The ability to read arbitrary files could lead to exposure of confidential information, potentially compromising system security and privacy.
There are no workarounds available; the only way to remediate this vulnerability is by applying the fixed software updates provided by Cisco.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires an authenticated attacker with valid administrative credentials to exploit it by sending crafted HTTP requests to the affected Cisco ISE or ISE-PIC systems.
There are no specific detection commands or network signatures provided in the available information to identify exploitation attempts or presence of this vulnerability.
Detection would typically involve monitoring for unusual or unauthorized administrative HTTP requests or reviewing logs for suspicious activity involving path traversal patterns, but no explicit commands or tools are mentioned.
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation for this vulnerability is to upgrade affected Cisco ISE and Cisco ISE-PIC systems to the fixed software releases provided by Cisco.
- Upgrade to Cisco ISE 3.1 Patch 11 or later.
- Upgrade to Cisco ISE 3.2 Patch 10 or later.
- Upgrade to Cisco ISE 3.3 Patch 11 or later.
- Upgrade to Cisco ISE 3.4 Patch 6 or later.
- Upgrade to Cisco ISE 3.5 Patch 3 or later.
No workarounds or other mitigations are available; timely software updates are critical to prevent exploitation.