VDB

CVE-2026-20174

CVE-2026-20174 PUBLISHED CVSS 4.900000095367432 MEDIUM

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.

EPSS 0.08% · 22.8th percentile

Risk Scores

CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.08%
22.8th percentile

Affected Products

VendorProductVersions
CiscoCisco Nexus Dashboard Insights2.2.2.125, 2.2.2.126, 5.0.1.150
CiscoCisco Nexus Dashboard3.1(1l), 3.2(1e), 3.2(1i)

Exploit Intelligence

Timeline

  • Apr 1, 2026 CVE Published
  • Apr 1, 2026 PoC Published
  • Apr 1, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›