VDB

CVE-2026-20195

CVE-2026-20195 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.

EPSS 0.04% · 11.6th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.04%
11.6th percentile

Affected Products

VendorProductVersions
CiscoCisco Identity Services Engine Software3.3.0, 3.3 Patch 2, 3.3 Patch 1

Exploit Intelligence

Timeline

  • May 6, 2026 CVE Published
  • May 6, 2026 Security Advisory
  • May 6, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›