What is CVE-2026-20219?

CVE-2026-20219 is a medium-severity vulnerability in Cisco Slido, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.4/10. Published 2026-05-06.

How severe is CVE-2026-20219?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Auth bypass in Cisco Slido

CVE-2026-20219

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (12.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Cisco Slido — versions N/A
Cisco Webex Meetings — versions 39.10, 39.11, 39.6

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

cisco-sa-slido-idor-CpsFmKxN

Frequently asked questions

What is CVE-2026-20219?: CVE-2026-20219 is a medium-severity vulnerability in Cisco Slido, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 5.4/10. Published 2026-05-06.
How severe is CVE-2026-20219?: Medium severity. CVSS v3 base score is 5.4 out of 10.