CVE-2026-20219

MEDIUM 5.4

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results.

CWE	CWE-639
Vendor	cisco
Product	cisco webex meetings
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	May 6, 2026
Last Updated	May 6, 2026

Stay Ahead of the Next One

Get instant alerts for cisco cisco webex meetings

Be the first to know when new medium vulnerabilities affecting cisco cisco webex meetings are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Cisco / Cisco Webex Meetings

39.10 39.11 39.6 39.7 39.7.4 39.7.7 39.8 39.8.2 39.8.3 39.8.4 39.9 39.9.1 40.1 40.2 40.4 40.4.10 40.6 40.6.2 42.10 42.11 42.6 42.9 42.12 42.7 43.1 43.4 43.4.2 43.5.0 43.4.1

Cisco / Cisco Slido

N/A

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN