PT-2026-22608 · Extreme Networks · Extremecloud Iq - Site Engine
Published: 2026-03-02 · Updated: 2026-03-02 · CVE-2026-0689
CVSS v4.0: 6.0 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ExtremeCloud IQ – Site Engine (XIQ‑SE) versions prior to 26.2.10
Description
A flaw exists in the NAC administration interface that allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. While credentials are shown as redacted in the user interface, the application transmits the actual credential values within the HTTP response, potentially allowing an authorized administrator to recover stored secrets beyond their intended access level.
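The condition described above, a value masked in the UI but still present in the HTTP response, is avoided by redacting on the server and treating the mask as "unchanged" when the edit form is saved. The following is an added example, not code from Extreme Networks or from this advisory; the field names, the placeholder string and the record layout are assumptions constructed for illustration.

```python
import json

# Constructed for this example (not XIQ-SE's): field names, mask, record layout.
MASK = "********"
SECRET_KEYS = {"password", "shared_secret", "bind_password"}
STORED = {"name": "radius-1", "shared_secret": 's3cr"et',
          "ldap": [{"host": "ldap.example.test", "bind_password": "Tr0ub4dor"}]}

def redact(node):
    """Copy node with every non-empty secret field replaced by MASK."""
    if isinstance(node, dict):
        return {k: MASK if k in SECRET_KEYS and v else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    return node

def apply_update(stored, submitted):
    """Merge an edit-form submission; MASK in a secret field means 'unchanged'."""
    if isinstance(submitted, dict):
        old = stored if isinstance(stored, dict) else {}
        merged = {}
        for key, new in submitted.items():
            keep = key in SECRET_KEYS and new == MASK
            if keep and not old.get(key):  # fail closed: never store the mask
                raise ValueError(f"mask submitted for unset secret {key!r}")
            merged[key] = old[key] if keep else apply_update(old.get(key), new)
        return merged
    if isinstance(submitted, list):  # index match; use a stable id if order can change
        old = stored if isinstance(stored, list) else []
        return [apply_update(old[i] if i < len(old) else None, item)
                for i, item in enumerate(submitted)]
    return submitted

def secret_values(node):
    """Yield every non-empty secret string stored under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SECRET_KEYS and isinstance(value, str) and value:
                yield value
            else:
                yield from secret_values(value)
    elif isinstance(node, list):
        for item in node:
            yield from secret_values(item)

def leaked(stored, body):
    """Regression check: stored secrets present verbatim in a JSON body."""
    return sorted({s for s in secret_values(stored) if json.dumps(s)[1:-1] in body})
```

Running `leaked()` against every response an admin endpoint returns, in the test suite, catches the case where a new field is added to the record but not to the redaction list.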
Recommendations
Update to version 26.2.10 or later.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Extremecloud Iq - Site Engine