CVE-2026-20219
Received Received - Intake
Insecure Direct Object Reference in Cisco Slido REST API

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20219
EUVD
EUVD-2026-27864
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco slido *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the REST API of Cisco Slido and is caused by an insecure direct object reference. It allows an authenticated, remote attacker to send specially crafted requests to the API endpoint.

By exploiting this vulnerability, the attacker could access the social profile data of other users or manipulate quiz and poll results.

Impact Analysis

If exploited, this vulnerability could lead to unauthorized access to other users' social profile data, potentially compromising user privacy.

Additionally, an attacker could affect the integrity of quiz and poll results, which might impact the reliability of data collected through Cisco Slido.

Mitigation Strategies

Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed.

Compliance Impact

The vulnerability in Cisco Slido's REST API could have allowed unauthorized access to users' social profile data, which may raise concerns regarding data privacy and protection under regulations such as GDPR and HIPAA.

However, Cisco has addressed this vulnerability with no customer action needed, and there is no indication of any public exploitation. This reduces the risk of non-compliance due to data breaches related to this issue.

No specific information is provided about direct impacts on compliance with standards like GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart