CVE-2026-20148
PUBLISHED
CVSS 4.9 MEDIUM
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
EPSS 0.09% · 24.8th percentile
Risk Scores
CVSS 3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.09%
24.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine Software | 3.1.0, *, 3.1.0 p3 |
| Cisco | Cisco ISE Passive Identity Connector | 3.1.0, 3.3.0, 3.4.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-20148 (circl-sighting)
- cisco-sa-ise-rce-traversal-8bYndVrZ (circl)
Timeline
- Apr 15, 2026 CVE Published
- Apr 15, 2026 PoC Published
- Apr 15, 2026 CVE Updated
- Apr 15, 2026 PoC Published
- Apr 16, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score