cvedb.io
CVE-2026-0689
MEDIUM · CVSS 4.9
EPSS exploitation probability: 0%
Published 2026-03-02T16:16:23.653 · Last modified 2026-06-17T10:11:12.607

Summary

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response, enabling an authorized administrator to recover stored secrets that may exceed their intended access. We would like to thank the Lockheed Martin Red Team for responsibly reporting this issue and working with us through coordinated disclosure.

Affected products

extremenetworks — extremecloud_iq_site_engine

Does this affect you?

Add your gear to cvedb and we'll alert you only when extremenetworks ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.