CVE-2026-20189
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey Security Impact Rating: Medium CVE: CVE-2026-20189
CSIRTS triage
- What
- A vulnerability in the log file download functionality could allow an authenticated attacker to download arbitrary log files.
- Who is affected
- Authenticated users of Cisco Prime Infrastructure are affected.
- Urgency
- Remediation is urgent due to the risk of sensitive log file exposure.
- Action
- Update to the latest version of Cisco Prime Infrastructure.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-20189
Get an email if CVE-2026-20189 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.21% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all EPSS-scored CVEs.
Advisory coverage (1)
- mediumCisco Prime Infrastructure Information Disclosure Vulnerabilitycisco-psirt · 2026-05-06
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-20189)