{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20195", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.396Z", "datePublished": "2026-05-06T16:14:54.611Z", "dateUpdated": "2026-05-06T17:48:38.355Z"}, "containers": {"cna": {"title": "Cisco Identity Services Engine Observable Response Discrepancy Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.\r\n\r\nThis vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb", "name": "cisco-sa-ise-unauth-bypass-uxjRXGpb"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-ise-unauth-bypass-uxjRXGpb", "discovery": "EXTERNAL", "defects": ["CSCwr77445"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Observable Response Discrepancy", "type": "cwe", "cweId": "CWE-204"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "3.3.0", "status": "affected"}, {"version": "3.3 Patch 2", "status": "affected"}, {"version": "3.3 Patch 1", "status": "affected"}, {"version": "3.3 Patch 3", "status": "affected"}, {"version": "3.4.0", "status": "affected"}, {"version": "3.3 Patch 4", "status": "affected"}, {"version": "3.4 Patch 1", "status": "affected"}, {"version": "3.3 Patch 5", "status": "affected"}, {"version": "3.3 Patch 6", "status": "affected"}, {"version": "3.4 Patch 2", "status": "affected"}, {"version": "3.3 Patch 7", "status": "affected"}, {"version": "3.4 Patch 3", "status": "affected"}, {"version": "3.5.0", "status": "affected"}, {"version": "3.4 Patch 4", "status": "affected"}, {"version": "3.3 Patch 8", "status": "affected"}, {"version": "3.5 Patch 1", "status": "affected"}, {"version": "3.3 Patch 9", "status": "affected"}, {"version": "3.4 Patch 5", "status": "affected"}, {"version": "3.5 Patch 3", "status": "affected"}, {"version": "3.5 Patch 2", "status": "affected"}, {"version": "3.3 Patch 10", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-05-06T16:14:54.611Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-06T17:34:47.638851Z", "id": "CVE-2026-20195", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-06T17:48:38.355Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.\r\n\r\nThis vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system."}], "id": "CVE-2026-20195", "lastModified": "2026-05-06T17:16:21.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-05-06T17:16:21.630", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{}