Improper Authorization Vulnerability in Cisco Identity Services Engine
CVE-2026-20190

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Identity Services Engine Software; Cisco Ise Passive Identity Connector
Vendor: CVE Published:; 17 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-20190?

A vulnerability exists in Cisco Identity Services Engine (ISE) and its Policy Infrastructure Controller (ISE-PIC), allowing unauthenticated remote attackers to exploit improper authorization checks. By sending specially crafted traffic to affected devices, attackers can potentially gain access to sensitive information, including hashed credentials. This exposure could facilitate further attacks against the system.

Affected Version(s)

Cisco Identity Services Engine Software 3.4.0

Cisco Identity Services Engine Software 3.4 Patch 1

Cisco Identity Services Engine Software 3.4 Patch 2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 17, 2026
Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20190 Data

JSON