Medium4.3Cisco Updated
Cisco Prime Infrastructure Information Disclosure Vulnerability
cisco-sa-pi-unauth-infodiscl-LFnLgmey Published May 6, 2026Updated by vendor May 6, 2026
CVE-2026-20189
Affected products & platforms
CiscoManagement
Summary
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco Prime Infrastructure, regardless of device configuration.
- 3.9 and earlier — Migrate to a fixed release
- Release 3.10 (first fixed: 3.10.6 Security Update 3)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.10.6 Security Update 3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.9 and earlier: migrate to a fixed release.
- Release 3.10: upgrade to 3.10.6 Security Update 3.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.