SA-2026-020 - XIQ‑SE NAC Admin Credential Exposure... - Extreme Networks

Summary

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response, enabling an authorized administrator to recover stored secrets that may exceed their intended access.

Products Potentially Affected

OS/Product	Exposure
ExtremeCloud IQ - Site Engine (XIQ-SE)	Yes

Repair Recommendations

ExtremeCloud IQ - Site Engine (XIQ-SE):

Fixed in 26.2.10 or later

Please see the full security advisory article here for more details and future updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2026-020 - XIQ‑SE NAC Admin Credential Exposure via HTTP Response (CVE-2026-0689)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)