CVE-2026-20041

Severity: 6.1 MEDIUM
EPSS: 0.0% (top 94.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1

Description

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary netw

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: cisco/cisco_nexus_dashboard_insights (15 versions)
CVEListV5: cisco/cisco_nexus_dashboard (40 versions)

Vulnerability Details (2)

GHSA (2026-04-01): GHSA-24qq-7528-p6pc: A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side r
CVEList (2026-04-01): Cisco Nexus Dashboard Server Side Request Forgery Vulnerability