CVE Catalog

CVE-2026-20148

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
9.21%

95th percentile - higher than 95% of all known CVEs

Summary

A vulnerability in Cisco ISE and Cisco ISE-PIC allows an authenticated remote attacker to perform path traversal attacks on the underlying OS and read arbitrary files. The flaw is due to improper validation of user-supplied input.

Risk Assessment

An attacker with administrative credentials could access sensitive system files, potentially leading to disclosure of confidential data such as configurations or passwords.

Recommendation

Apply security updates provided by Cisco for affected ISE and ISE-PIC versions immediately. Restrict administrative access to trusted users only.

Original NVD description (English source)

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS