CVE-2026-20190
Cisco Identity Services Engine Information Disclosure Vulnerability
Description
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:NIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsReferences
Timeline
- ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and Moreen·The Hacker News· Summary only·
- Critical Command Execution Vulnerability Patched in Cisco ISEen-us·SecurityWeek· Summary only·
- Cisco ISE Vulnerabilities: Critical RCE and Info Disclosure Flawsen-us·Daily CyberSecurity (securityonline.info)· Summary only·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-20190 and every CVE in our database. Create a free account — no credit card required.
Create Free Account