CVE-2026-9831

216.73.216.226

· Published 29/05/2026 22:16 · Modified 29/05/2026 22:16

Labels: CVE-2026-9831 1c053176-eef3-4d6a-ae0b-24728c86587b 2026-05-29 CVE-2026-9831 CWE-362

Essential information

Published: 29/05/2026 22:16
Modified: 29/05/2026 22:16
Author: —
Creator: —
CVSS: 6.3 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS metrics

Description

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue was observed through ExtremeCloud IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE /Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT authentication were not affected.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 1c053176-eef3-4d6a-ae0b-24728c86587b
NVD: View on NVD

Affected products (CPE)

Product	CPE
extreme networks / extreme platform one	`cpe:2.3:a:extreme_networks:extreme_platform_one::::::::`
extreme networks / extremecloud iq	`cpe:2.3:a:extreme_networks:extremecloud_iq::::::::`