Published on: 08 January 2026
Published on: 08 January 2026
Cisco has released security updates to address multiple vulnerabilities in several Cisco products or components. A remote attacker could entice a user to open a web page with specially crafted content on a vulnerable browser to exploit the vulnerabilities.
Reports indicated that the proof-of-concept (PoC) exploit code for an information disclosure vulnerability (CVE-2026-20029) in Cisco Identity Services Engine and Cisco Identity Services Engine Passive Identity Connector is publicly available. Cisco has released security updates to address the issues. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
For detailed information of the affected products, please refer to the section 'Affected Products' of corresponding security advisory at vendor's website.
Depending on the vulnerabilities exploited, a successful attack could lead to denial of service, information disclosure or security restriction bypass on an affected system.
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. For detailed information of the available patches, please refer to the section "Fixed Software" of corresponding security advisory at vendor's website.
System administrators should contact their product support vendors for the fixes and assistance.