Cisco ISE Unauth Remote Info Disclosure via Improper Auth Check
CVE-2026-20190 Published on June 17, 2026
Cisco Identity Services Engine Information Disclosure Vulnerability
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device.
This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Vulnerability Analysis
CVE-2026-20190 is exploitable with network access and requires neither authorization privileges nor user interaction. The attack complexity is considered low. A successful exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-20190 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-20190
Affected Versions
Cisco Identity Services Engine Software:
- Version 3.4.0 is affected.
- Version 3.4 Patch 1 is affected.
- Version 3.4 Patch 2 is affected.
- Version 3.4 Patch 3 is affected.
- Version 3.5.0 is affected.
- Version 3.4 Patch 4 is affected.
- Version 3.5 Patch 1 is affected.
- Version 3.4 Patch 5 is affected.
- Version 3.5 Patch 2 is affected.