CVE-2026-20193
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administra
CVSS
4.3
Medio
EPSS
0.2%
p13
KEV
—
Exploit Today
4
0-100
Publicado: 6 may 2026 · Última mod.: 1 jul 2026 · CWE-862
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role.