CVE-2026-20189 MEDIUM

CVE-2026-20189: Cisco Prime Infrastructure Information Disclosure Vulnerability

Vendor Cisco
Product Cisco Prime Infrastructure
Weakness CWE-862 · Missing authorization
Published May 6, 2026
Last update May 6, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 6, 2026 Record updated