HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-20190Published Modified CNA cisco

CVE-2026-20190: Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive information, including hashed credentials that could be used in future attacks.

Metrics

CVSS v3.1
7.5
Severity
HIGH
Fixed in
Affected Products
2

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An improper authorization check in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows an unauthenticated remote attacker to access protected resources without credentials. The vulnerability is reachable over the network with no authentication required and no user interaction needed, as reflected in the CVSS vector (AV:N/AC:L/PR:N/UI:N). Successful exploitation exposes sensitive information including hashed credentials that an attacker can use in follow-on attacks such as offline password cracking or credential stuffing. No fix versions have been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available as soon as Cisco ships an upstream fix.

HarborGuard Coverage

Detection

Detection for CVE-2026-20190 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that layer Cisco ISE software. Affected image versions (ISE 3.4.0 through 3.4 Patch 3 and ISE-PIC 3.4.0) are flagged automatically in both registry scans and CI/CD pipeline checks.

Available
Triage

Triage is available with a CVSS base score of 7.5 (HIGH), surfaced alongside each customer organization's compliance policy weighting to reflect actual risk tolerance and regulatory context. Findings are routed to the appropriate team inbox within each customer org based on image ownership and policy configuration.

Available
Patch

Because no upstream fix has been published, HarborGuard re-checks the Cisco advisory on every ingest cycle and will make a patched-image rebuild available the moment Cisco releases a remediated version. In the interim, compensating-control recommendations such as network-policy isolation for ISE nodes are surfaced in the finding detail for customers reviewing exposure.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the ISE or ISE-PIC service over the network; the attack vector is Network (AV:N), meaning no local or physical access is required.

  • AuthenticationNot required

    No credentials of any kind are needed; the vulnerability is exploitable by a fully unauthenticated remote attacker (PR:N).

  • Victim interactionNot required

    The attacker sends crafted traffic directly to the device and does not need any action from a user or administrator (UI:N).

  • Attack complexityDetail

    Attack complexity is Low (AC:L), meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

  • The attacker reads sensitive data stored on the ISE device, including hashed user credentials that can be taken offline for cracking or reused in credential-stuffing campaigns.
  • Because ISE is a network access control platform, exposed credential hashes may correspond to network device accounts, VPN users, or administrator identities, broadening the downstream attack surface.
  • Confidentiality impact is rated High (C:H); integrity and availability are unaffected, so the immediate harm is data disclosure rather than service disruption or data modification.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-20190 is active across all connected environments, matching scanned images against the affected ISE and ISE-PIC versions listed in Cisco's advisory. Because Cisco has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-evaluates the advisory on every ingest cycle and will automatically trigger a rebuild and, for customers with auto-remediation enabled, open a patch PR against affected workloads the moment an upstream fix is published. While waiting for an upstream patch, the finding detail surfaces compensating-control guidance including isolating ISE nodes behind strict network policies, restricting unauthenticated inbound traffic to ISE management and data interfaces, and applying egress filtering to limit lateral movement if a credential is compromised. Customers can also use HarborGuard's policy engine to escalate the severity weight on this finding given the credential-exposure nature of the vulnerability and ISE's role as a central authentication authority.

See how HarborGuard automates this
Affected packages
  • Cisco / Cisco Identity Services Engine Software
    3.4.0 · 3.4 Patch 1 · 3.4 Patch 2 · 3.4 Patch 3 · 3.5.0 · 3.4 Patch 4
  • Cisco / Cisco ISE Passive Identity Connector
    3.4.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References