CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-20219

mediumcovered by 1 sourcefirst seen 2026-05-06
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results. As mentioned, Cisco has addressed this vulnerability in the Slido service, and no customer action is necessary to update on-premises software or devices. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN Security Impact Rating: Medium CVE: CVE-2026-20219

CSIRTS triage

What
A vulnerability in the REST API could allow an authenticated attacker to access the social profile data of other users.
Who is affected
Authenticated users of Cisco Slido are affected.
Urgency
Remediation is necessary as it could lead to unauthorized access to user data.
Action
No action is needed as Cisco has addressed this vulnerability.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-20219

Get an email if CVE-2026-20219 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-20219

CVE.org record

Embed the live status

CVE-2026-20219 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-20219 status](https://www.csirts.com/badge/CVE-2026-20219)](https://www.csirts.com/cve/CVE-2026-20219)