CVE-2026-0689

216.73.217.98

· Published 02/03/2026 16:16 · Modified 02/03/2026 20:29

Labels: CVE-2026-0689 1c053176-eef3-4d6a-ae0b-24728c86587b 2026-03-02 CVE-2026-0689 CWE-522

Essential information

Published: 02/03/2026 16:16
Modified: 02/03/2026 20:29
Author: —
Creator: —
CVSS: 6.0 MEDIUM (v3) 6.0 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response, enabling an authorized administrator to recover stored secrets that may exceed their intended access. We would like to thank the Lockheed Martin Red Team for responsibly reporting this issue and working with us through coordinated disclosure.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 1c053176-eef3-4d6a-ae0b-24728c86587b
NVD: View on NVD

Affected products (CPE)

Product	CPE
extreme / extreme cloud iq site engine	`cpe:2.3:a:extreme:extreme_cloud_iq_site_engine:<26.2.10:::::::*`