CVE Catalog

CVE-2026-20193

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile - higher than 14% of all known CVEs

Summary

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE allows an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information. This is due to improper role-based access control (RBAC) permissions on these API endpoints.

Risk Assessment

The organization risks exposure of sensitive RADIUS Policy details, which could be leveraged for further attacks or network compromise. The attacker can bypass the web-based management interface and directly call the vulnerable endpoint.

Recommendation

Apply the Cisco ISE update containing the fix immediately and review RBAC permissions for read-only administrator accounts.

Original NVD description (English source)

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS