CVE-2026-20148 MEDIUM

CVE-2026-20148: Cisco Identity Services Engine Path Traversal Vulnerability

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Weakness: CWE-22 · Path traversal
Published: April 15, 2026
Last update: April 15, 2026

CVSS base score

4.9/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

Key dates

02 Disclosure timeline

April 15, 2026 CVE published
April 15, 2026 Record updated