Zero Day Monitor (ZDM)
4.9
CVE-2026-20174
cis · nexus dashboard insights

Description

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.

Affected Products

Vendor | Product | Versions
cis | nexus dashboard insights | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
cis | nexus dashboard | cert_advisory | 90%

References

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ

Related News (3 articles)

Tier B · BSI Advisories · 4h ago
[NEW] [medium] Cisco Nexus Dashboard and Insights: Multiple Vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 19h ago
CVE-2026-20174 | Cisco Nexus Dashboard/Nexus Dashboard Insights Metadata Update path traversal (cisco-sa-ndi-afw-rJuRC5dZ)
→ No new info (linked only)

Tier A · Cisco Security · 21h ago
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
→ No new info (linked only)

CVSS 3.1: 4.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-22
Published: Apr 1, 2026
Last enriched: 16h ago (v2)
Trending Score: 38
Source articles: 3
Independent: 3
Info Completeness: 7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-20131 · EXP · KEV
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root
Trending: 101

CRITICAL · CVE-2026-20160
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
Trending: 71

CRITICAL · CVE-2026-20093
Cisco Integrated Management Controller Authentication Bypass Vulnerability
Trending: 64

HIGH · CVE-2026-20094
Cisco Integrated Management Controller Command Injection Vulnerability
Trending: 52

MEDIUM · CVE-2026-20095
Cisco Integrated Management Controller Command Injection Vulnerability
Trending: 48

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Apr 1, 2026
Discovered by ZDM: Apr 1, 2026
Updated (vendor, product): Apr 1, 2026

Version History

v2
Last enriched 16h ago
v2 · Tier C · 16h ago

Updated vendor to Cisco, product to Nexus Dashboard/Nexus Dashboard Insights, severity to CRITICAL, and noted that no exploit is available.

Fields: vendor, product
via VulDB

v1 · 17h ago

Initial creation