CVE-2026-20148
MediumCVSS 4.9Exploitation Probability (EPSS)
Very high risk95th percentile - higher than 95% of all known CVEs
Summary
A vulnerability in Cisco ISE and Cisco ISE-PIC allows an authenticated remote attacker to perform path traversal attacks on the underlying OS and read arbitrary files. The flaw is due to improper validation of user-supplied input.
Risk Assessment
An attacker with administrative credentials could access sensitive system files, potentially leading to disclosure of confidential data such as configurations or passwords.
Recommendation
Apply security updates provided by Cisco for affected ISE and ISE-PIC versions immediately. Restrict administrative access to trusted users only.
Original NVD description (English source)
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

