๐Ÿ” CVE Alert

CVE-2026-20189

MEDIUM 4.3

Cisco Prime Infrastructure Information Disclosure Vulnerability

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

CWE CWE-862
Vendor cisco
Product cisco prime infrastructure
Ecosystems
Industries
NetworkingTelecommunications
Published May 6, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco prime infrastructure

Be the first to know when new medium vulnerabilities affecting cisco cisco prime infrastructure are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

Cisco / Cisco Prime Infrastructure
3.6.0 3.7.0 3.4.0 3.3.0 3.5.0 3.2.0-FIPS 3.8.0-FED 3.9.0 3.8.0 3.10.0 3.9.1 3.8.1 3.7.1 3.5.1 3.4.2 3.3.1 3.2.1 3.2.2 3.4.1 3.10.2 3.10.3 3.10 3.10.1 3.7.1 Update 03 3.7.1 Update 04 3.7.1 Update 06 3.7.1 Update 07 3.8.1 Update 01 3.8.1 Update 02 3.8.1 Update 03 3.8.1 Update 04 3.9.1 Update 01 3.9.1 Update 02 3.9.1 Update 03 3.9.1 Update 04 3.10 Update 01 3.4.2 Update 01 3.6.0 Update 04 3.6.0 Update 02 3.6.0 Update 03 3.6.0 Update 01 3.5.1 Update 03 3.5.1 Update 01 3.5.1 Update 02 3.7.0 Update 03 3.8.0 Update 01 3.8.0 Update 02 3.7.1 Update 01 3.7.1 Update 02 3.7.1 Update 05 3.9.0 Update 01 3.3.0 Update 01 3.4.1 Update 02 3.4.1 Update 01 3.5.0 Update 03 3.5.0 Update 01 3.5.0 Update 02 3.10.4 3.10.4 Update 01 3.10.4 Update 02 3.10.4 Update 03 3.10.5 3.10.6 3.10.6 Update 01 3.10.6 Update 02

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey