Search criteria
1 vulnerability found for Extreme Platform ONE by Extreme Networks
CVE-2026-9831 (GCVE-0-2026-9831)
Vulnerability from cvelistv5 – Published: 2026-05-29 21:19 – Updated: 2026-06-01 13:53
VLAI?
Title
ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition
Summary
A race condition in the shared Extreme Platform
ONE IAM Gateway API-key authentication path could, under specific
high-concurrency traffic conditions, intermittently allow requests
authenticated with an Extreme Platform ONE /IAM-issued API key to receive
response data for another tenant. The issue was observed through ExtremeCloud
IQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE
/Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT
authentication were not affected.
Severity ?
6.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Extreme Networks | Extreme Platform ONE |
Affected:
0 , < 25.10.0-104
(custom)
Unaffected: 25.10.0-104 (custom) |
Credits
Sebastian Koller of Iteas IT Services GmbH (Austria) for responsible discovery and disclosure of this vulnerability.
Sebastian Koller of Iteas IT Services GmbH (Austria) for responsible coordination and providing detailed evidence supporting root cause identification.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:52:52.575235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:53:05.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SaaS (Cloud Hosted)"
],
"product": "Extreme Platform ONE",
"vendor": "Extreme Networks",
"versions": [
{
"lessThan": "25.10.0-104",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "25.10.0-104",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sebastian Koller of Iteas IT Services GmbH (Austria) for responsible discovery and disclosure of this vulnerability."
},
{
"lang": "en",
"type": "reporter",
"value": "Sebastian Koller of Iteas IT Services GmbH (Austria) for responsible coordination and providing detailed evidence supporting root cause identification."
}
],
"datePublic": "2026-05-29T21:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A race condition in the shared Extreme Platform\nONE IAM Gateway API-key authentication path could, under specific\nhigh-concurrency traffic conditions, intermittently allow requests\nauthenticated with an Extreme Platform ONE /IAM-issued API key to receive\nresponse data for another tenant. The issue was observed through ExtremeCloud\nIQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE\n/Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT\nauthentication were not affected."
}
],
"value": "A race condition in the shared Extreme Platform\nONE IAM Gateway API-key authentication path could, under specific\nhigh-concurrency traffic conditions, intermittently allow requests\nauthenticated with an Extreme Platform ONE /IAM-issued API key to receive\nresponse data for another tenant. The issue was observed through ExtremeCloud\nIQ/XIQ API endpoints and validated against both XIQ/XAPI and Extreme Platform ONE\n/Common Services API paths. XIQ-native tokens and standard OAuth/Bearer JWT\nauthentication were not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-74",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-74: Manipulating State"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-488",
"description": "CWE-488 Exposure of data element to wrong session",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T21:19:17.118Z",
"orgId": "1c053176-eef3-4d6a-ae0b-24728c86587b",
"shortName": "ExtremeNetworks"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2026-048-extremecloud-iq-cross-tenant-data-exposure-via/ba-p/121851"
}
],
"source": {
"advisory": "SA-2026-048",
"discovery": "EXTERNAL"
},
"title": "ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "1c053176-eef3-4d6a-ae0b-24728c86587b",
"assignerShortName": "ExtremeNetworks",
"cveId": "CVE-2026-9831",
"datePublished": "2026-05-29T21:19:17.118Z",
"dateReserved": "2026-05-28T12:21:45.520Z",
"dateUpdated": "2026-06-01T13:53:05.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}