H-ISAC TLP White Vulnerability Bulletin: Cisco Patches Identity Services Engine (ISE) Security Flaw (CVE-2026-20029)

On January 7, 2026, Cisco released security updates to address a medium-severity vulnerability, tracked as CVE-2026-20029, affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) network access control solutions.

This flaw enables an authenticated, remote attacker with administrative privileges to access sensitive files from the underlying operating system that should be restricted. Although there is no evidence of active exploitation, a proof-of-concept (PoC) exploit is publicly available, which significantly increases the risk of potential abuse.

Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk to this vulnerability. 

View the detailed bulletin below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides and Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Guides and Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public