Description
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Published: 2026-04-01
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑side request forgery allowing arbitrary script execution in the management interface and access to sensitive browser‑based information
Action: Apply patch
AI Analysis

Impact

A flaw in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights permits a server‑side request forgery (SSRF) when an authenticated user is tricked into clicking a specially crafted link. The improper validation of selected HTTP requests lets an attacker force the device to issue arbitrary network requests to an attacker‑controlled server. Successful exploitation enables execution of arbitrary script code within the device’s management interface or leakage of sensitive browser‑based data, compromising confidentiality and integrity of the system.

Affected Systems

The vulnerability affects Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. No specific affected versions are listed in the CNA data, so any running installation of these products should be considered vulnerable until a vendor update is applied.

Risk and Exploitability

With a CVSS score of 6.1, the severity is Medium. The EPSS score is not available, and the vulnerability is not listed in the KEV catalog. The attack vector is remote and requires social engineering to prompt an authenticated user to click a malicious link. Once that happens, the attacker can send arbitrary outbound requests from the device, potentially accessing internal networks and exfiltrating data.

Generated by OpenCVE AI on April 2, 2026 at 03:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Cisco’s security advisory to locate the latest firmware or patch for Nexus Dashboard and Nexus Dashboard Insights and apply it as soon as possible.
  • If a patch is temporarily unavailable, restrict the device’s outbound network access to only trusted domains and monitor for anomalous connections.
  • Apply network segmentation to isolate the Nexus Dashboard device from critical internal assets and enforce least‑privilege configurations.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Cisco; Cisco nexus Dashboard; Cisco nexus Dashboard Insights |
| Vendors & Products | | Cisco; Cisco nexus Dashboard; Cisco nexus Dashboard Insights |

Wed, 01 Apr 2026 23:45:00 +0000

| Type | Values Removed | Values Added |
| Description | | A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
| Title | | Cisco Nexus Dashboard Server Side Request Forgery Vulnerability |
| Weaknesses | | CWE-918 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-04-01T18:13:15.076Z

Reserved: 2025-10-08T11:59:15.354Z

Link: CVE-2026-20041

Vulnrichment

Updated: 2026-04-01T18:13:11.624Z

NVD

Status: Awaiting Analysis

Published: 2026-04-01T17:28:25.917

Modified: 2026-04-03T16:11:11.357

Link: CVE-2026-20041

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:17:15Z
