CVE-2026-20190 | A vulnerability in Cisco ISE and ISE-PIC could allow an unau… | CVSS 7.5 HIGH

Description

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.

Metadata

CVE ID: CVE-2026-20190
State: PUBLISHED
Assigner: cisco
Reserved: 2025-10-08 11:59 UTC
Published: 2026-06-17 16:17 UTC
Last updated: 2026-06-17 17:16 UTC
Primary CWE: CWE-285
Improper Authorization
Vendor / Product: Cisco / Cisco Identity Services Engine Software
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Cisco	Cisco Identity Services Engine Software	—	3.4.0, 3.4 Patch 1, 3.4 Patch 2, 3.4 Patch 3 …
Cisco	Cisco ISE Passive Identity Connector	—	3.4.0

Weakness (CWE)

CWE	Source	Description
CWE-285	cna	Improper Authorization

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (1)

cisco-sa-ise-multi-G5WP8vv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv