CVE-2026-20174
Arbitrary File Write in Cisco Nexus Dashboard Insights Metadata Update
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | nexus_dashboard_insights | * |
| cisco | nexus_dashboard_insights | From 6.5 (inc) |
| cisco | nexus_dashboard_insights | 3.1(1k) |
| cisco | nexus_dashboard_insights | 3.1 |
| cisco | nexus_dashboard_insights | 3.2 |
| cisco | nexus_dashboard_insights | 4.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20174 is a medium-severity vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights. It occurs because the system does not properly validate the metadata update file. An authenticated remote attacker with administrative credentials can craft and manually upload a malicious metadata update file.
If successfully exploited, this vulnerability allows the attacker to write arbitrary files to the underlying operating system with root privileges.
This issue affects all configurations of Cisco Nexus Dashboard Insights, including both air-gapped and Cisco Intersight Cloud connected deployments, since both support manual metadata file uploads.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with valid administrative credentials to write arbitrary files to your system with root-level access.
Such unauthorized file writes can compromise the integrity of your system, potentially leading to unauthorized changes, system manipulation, or further exploitation.
Although the vulnerability does not affect confidentiality or availability directly, the high integrity impact means your system's trustworthiness and correct operation could be severely affected.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the manual upload of crafted metadata update files by an authenticated user with administrative credentials. Detection would involve monitoring for unusual or unauthorized metadata file uploads to Cisco Nexus Dashboard Insights systems.
Since exploitation requires valid administrative credentials and manual upload of metadata files, commands or logs related to metadata update file uploads should be reviewed.
Specific commands are not provided in the available resources, but administrators should check system logs for metadata update file upload activities and verify the integrity of uploaded files.
What immediate steps should I take to mitigate this vulnerability?
Cisco strongly recommends upgrading to fixed software releases to remediate this vulnerability.
- Upgrade Cisco Nexus Dashboard Insights to versions later than 6.5 or to unified Cisco Nexus Dashboard software starting from release 3.1(1k).
- Migrate Nexus Dashboard releases 3.1, 3.2, and 4.1 to fixed releases, as these are vulnerable.
- Note that Nexus Dashboard release 4.2 is not vulnerable.
Verify hardware and software compatibility before upgrading and obtain fixed software through authorized channels or Cisco TAC if necessary.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.