PatchSiren

Extreme Networks CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Extreme Networks CVE published 2026-05-29

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issue was observed through ExtremeCloud IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platfo [truncated]

MEDIUM Extreme Networks CVE published 2026-03-02

CVE-2026-0689

CVE-2026-0689 is a medium-severity vulnerability in ExtremeCloud IQ – Site Engine (XIQ-SE) before 26.2.10. This vulnerability allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns the underlying credential values in the HTTP response. This enables an authorized administrator [truncated]