Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results.
AnalysisAI
Insecure direct object reference (IDOR) in Cisco Slido REST API allows authenticated remote attackers to view other users' social profile data and manipulate quiz or poll results. The vulnerability requires valid authentication but no user interaction, affecting confidentiality and integrity of user data and poll integrity. Cisco has released a patched version; no public exploit code or active exploitation has been identified at the time of analysis.
Technical ContextAI
Cisco Slido's REST API implements insufficient access controls on object references, allowing authenticated users to access or modify resources belonging to other users by manipulating request parameters (CWE-639: Authorization Through User-Controlled Key). The vulnerability stems from the API endpoint failing to properly verify that the requesting authenticated user owns or has explicit authorization to access the targeted social profile or poll data. This is a classic IDOR flaw where direct object references (such as user IDs or poll IDs) are passed in API requests without server-side validation of resource ownership. Affected systems are Cisco Slido cloud and on-premises deployments that expose REST API endpoints.
RemediationAI
Cisco has released a patched version addressing this vulnerability. Customers should apply the patch provided in Cisco Security Advisory cisco-sa-slido-idor-CpsFmKxN immediately. No specific patched version number is provided in available data; refer to the advisory link https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN for exact update instructions and version numbers. If patching is delayed, implement compensating controls: restrict API endpoint access to specific IP ranges or VPNs, enforce strict role-based access control (RBAC) to limit which users can access quiz and poll management APIs, audit and revoke unnecessary REST API tokens, and monitor API request logs for anomalous patterns (requests for resources not belonging to the requester). These controls have minimal performance impact but may limit legitimate API automation and require ongoing tuning.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27864
GHSA-83ch-55jw-xp9w