Description

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results.

INFO

Published Date :

2026-05-06T17:10:46.343Z

Last Modified :

2026-05-06T19:09:39.992Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2026-20219 vulnerability.

Vendors Products
Cisco
  • Slido
  • Webex Meetings
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20219.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact