CVE-2026-20174Path Traversal in Cisco Nexus Dashboard

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 84.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nexus DashboardCisco Nexus Dashboard Insights
Timeline
PublishedApr 1

Description

A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_nexus_dashboard_insights15 versions+14
CVEListV5cisco/cisco_nexus_dashboard14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-2cwq-r4f6-rjgw: A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary file2026-04-01
CVEList
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability2026-04-01
CVE-2026-20174 — Path Traversal in Cisco | cvebase