Sensitive Data Exposure in ExtremeCloud IQ – Site Engine
CVE-2026-0689

6MEDIUM

Key Information:

Vendor: Extreme Networks
Status: Extremecloud Iq - Site Engine
Vendor: CVE Published:; 2 March 2026

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2026-0689?

In ExtremeCloud IQ – Site Engine prior to version 26.2.10, a vulnerability exists within the NAC administration interface that allows authenticated NAC administrators to access sensitive information obscured on the user interface. Although user credentials appear redacted, the underlying credentials are exposed in the HTTP responses. This flaw enables an authorized administrator to retrieve sensitive data that exceeds their intended access rights, potentially leading to unauthorized access to critical secrets.

Affected Version(s)

ExtremeCloud IQ - Site Engine 25.5.12.6

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2026
Vulnerability Reserved
Jan 7, 2026

Credit

Lockheed Martin Red Team

CVE-2026-0689 Data

JSON