CVE-2026-20190
Received - Intake
Information Disclosure in Cisco ISE and ISE-PIC

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Cisco Systems, Inc.

Description
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor    Product    Version / Range
cisco     ise        *
cisco     ise-pic    *
CWE ID     Description
CWE-285    The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

This vulnerability exists in Cisco ISE and ISE-PIC and allows an unauthenticated, remote attacker to view sensitive information on the affected device.

It occurs because of improper authorization checks when accessing certain resources. An attacker can exploit this by sending specially crafted traffic to the device.

If successfully exploited, the attacker could gain access to sensitive information, including hashed credentials, which could be used in further attacks.

Compliance Impact

This vulnerability allows an unauthenticated, remote attacker to access sensitive information, including hashed credentials, due to improper authorization checks. Exposure of sensitive information can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

Organizations using affected Cisco ISE and ISE-PIC devices may face increased risk of data breaches, potentially violating requirements for confidentiality and data security mandated by these standards.

Impact Analysis

This vulnerability can impact you by exposing sensitive information on your Cisco ISE or ISE-PIC devices to unauthorized attackers.

Specifically, attackers could obtain hashed credentials, which might allow them to perform future attacks such as credential cracking or unauthorized access.

Because the vulnerability requires no authentication and can be exploited remotely, it poses a significant risk to the confidentiality of your system's data.
