CVE-2026-0689 is a vulnerability classified under CWE-522 (Insufficiently Protected Credentials) affecting Extreme Networks' ExtremeCloud IQ – Site Engine (XIQ-SE) versions prior to 26.2.10. The flaw exists in the Network Access Control (NAC) administration interface, where sensitive parameters such as credentials are masked in the user interface but are actually returned in full within HTTP responses. This means that an authenticated NAC administrator, who normally should only see redacted credential information, can retrieve the underlying plaintext credentials by inspecting the HTTP traffic or responses. The vulnerability does not require user interaction and does not elevate privileges beyond the authenticated NAC administrator role, but it allows these administrators to access secrets that may exceed their intended access rights, potentially exposing credentials for other systems or services managed by XIQ-SE. The vulnerability has a CVSS v4.0 base score of 6.0, indicating a medium severity level, with network attack vector, low attack complexity, no privileges required beyond NAC admin, and no user interaction. The impact primarily affects confidentiality and integrity of stored credentials. No public exploits are known at this time, and the issue was responsibly disclosed by the Lockheed Martin Red Team. No patch links were provided in the data, but upgrading to version 26.2.10 or later is implied as the remediation path.

The primary impact of CVE-2026-0689 is the unauthorized disclosure of sensitive credentials within the ExtremeCloud IQ – Site Engine environment. This can lead to credential compromise, enabling attackers or malicious insiders with NAC administrator access to escalate privileges, move laterally within the network, or access other critical systems managed by these credentials. The exposure of credentials undermines the confidentiality and integrity of network access controls and could facilitate further attacks such as unauthorized device onboarding, network manipulation, or data exfiltration. Since the vulnerability requires authenticated NAC administrator access, the risk is somewhat contained to trusted insiders or compromised administrator accounts. However, in environments with multiple administrators or where credential segregation is weak, the impact can be significant. Organizations relying on XIQ-SE for network access control and security posture management may face increased risk of insider threats or targeted attacks leveraging exposed credentials. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent future exploitation.

1. Upgrade ExtremeCloud IQ – Site Engine to version 26.2.10 or later, where this vulnerability is fixed. 2. Restrict NAC administrator privileges strictly on a need-to-know basis and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce risk of account compromise. 3. Monitor and audit NAC administrator activities and HTTP traffic to detect any attempts to access or exfiltrate sensitive credential information. 4. Implement network segmentation and least privilege principles to limit the impact if credentials are exposed. 5. Review and rotate any credentials that may have been exposed or stored within XIQ-SE, especially if there is suspicion of unauthorized access. 6. Employ secure coding and response handling practices in future deployments to ensure sensitive data is never returned in plaintext within HTTP responses, even if masked in the UI. 7. Conduct regular security assessments and penetration testing focused on administrative interfaces to identify similar issues proactively.