PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-20193 Cisco CVE debrief

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role. Cisco has released a security advisory to address this vulnerability.

Vendor: Cisco
Product: Identity Services Engine
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-06
Original CVE updated: 2026-07-01
Advisory published: 2026-05-06
Advisory updated: 2026-07-01

Who should care

Organizations using Cisco Identity Services Engine (ISE) versions 3.2.0, 3.3.0, 3.4.0, and 3.5.0 should be aware of this vulnerability. Specifically, administrators with read-only access and those responsible for applying security patches and updates to Cisco ISE systems should take immediate action to mitigate this vulnerability.

Technical summary

The vulnerability, CVE-2026-20193, is caused by improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints in Cisco ISE. An authenticated attacker with read-only Administrator privileges can exploit this by directly calling affected endpoints, bypassing the web-based management interface. Successful exploitation allows unauthorized read access to sensitive RADIUS Policy details. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 4.3, indicating a medium severity level.

Defensive priority

Apply patches or updates provided by Cisco to fix the improper RBAC permissions on RADIUS Policy API endpoints. Restrict access to the web-based management interface and monitor for suspicious API calls.

Recommended defensive actions

  • Apply Cisco's recommended patches or updates to fix the vulnerability in Cisco ISE RADIUS Policy API endpoints.
  • Implement additional monitoring to detect and respond to potential exploitation attempts.
  • Review and restrict access to the web-based management interface to prevent unauthorized access.
  • Verify and enforce proper role-based access control (RBAC) configurations for administrators.
  • Consider compensating controls, such as network segmentation or access controls, to limit the impact of a potential breach.
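To illustrate the defect class this debrief describes and the RBAC verification step above, the following added Python example (not Cisco's code and not taken from the advisory) contrasts an endpoint that relies on the web UI to gate access with one that enforces the permission itself; the role names, permission strings, endpoint names and policy data are all constructed placeholders.

```python
# Added example, not Cisco ISE code: RBAC must be enforced at the API
# endpoint itself, not only in the web UI that sits in front of it.
from functools import wraps

# Constructed role model: the read-only Administrator role has no
# entitlement to RADIUS Policy details, mirroring the advisory.
ROLE_PERMISSIONS = {
    "super-admin": {"radius_policy:read", "radius_policy:write"},
    "read-only-admin": {"network_device:read"},
}

# Constructed sample data standing in for sensitive policy details.
RADIUS_POLICIES = {"corp-policy": {"condition": "example", "result": "permit"}}


class Forbidden(Exception):
    """Raised when the caller's role lacks the required permission."""


def require_permission(permission):
    """Deny the call unless the caller's role carries `permission`."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(caller_role, *args, **kwargs):
            if permission not in ROLE_PERMISSIONS.get(caller_role, set()):
                raise Forbidden(f"{caller_role} lacks {permission}")
            return fn(caller_role, *args, **kwargs)
        return wrapper
    return decorator


# VULNERABLE pattern: the endpoint trusts that the UI already checked the role.
def api_get_radius_policy_unchecked(caller_role, name):
    return RADIUS_POLICIES[name]


def ui_radius_policy_page(caller_role, name):
    # The UI hides the page from read-only admins, but nothing stops a
    # client from calling the endpoint directly and skipping this check.
    if "radius_policy:read" not in ROLE_PERMISSIONS.get(caller_role, set()):
        raise Forbidden("page hidden for this role")
    return api_get_radius_policy_unchecked(caller_role, name)


# HARDENED pattern: the check lives on the endpoint, so bypassing the UI
# changes nothing.
@require_permission("radius_policy:read")
def api_get_radius_policy(caller_role, name):
    return RADIUS_POLICIES[name]


def direct_call_leaks(endpoint, role="read-only-admin"):
    """True if calling `endpoint` directly as `role` returns policy data."""
    try:
        endpoint(role, "corp-policy")
        return True
    except Forbidden:
        return False
```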

Evidence notes

The CVE-2026-20193 vulnerability is confirmed by Cisco's security advisory and the National Vulnerability Database (NVD). Cisco ISE versions 3.2.0, 3.3.0, 3.4.0, and 3.5.0 are affected. The CVSS score is 4.3, indicating medium severity. There is no evidence of public exploitation or ransomware campaign use.

Official resources

This article is AI-assisted and based on the supplied source corpus.