CVE-2026-20042

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 92.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Nexus Dashboard

Timeline

PublishedApr 1

Description

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

▶CVEListV5cisco/cisco_nexus_dashboard40 versions+39

🔴Vulnerability Details

CVEList

Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability↗2026-04-01

▶

GHSA

GHSA-4jcc-jgc6-vpm7: A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Ful↗2026-04-01

▶