Medium4.9Cisco Updated
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
cisco-sa-ndi-afw-rJuRC5dZ Published Apr 1, 2026Updated by vendor Apr 1, 2026
CVE-2026-20174
Affected products & platforms
CiscoSwitchesNexus
Summary
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient validation of the metadata update file.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco Nexus Dashboard Insights, regardless of the software configuration.
- 6.5 and earlier — Migrate to a fixed Nexus Dashboard release
- 3.1 — Migrate to a fixed release
- 3.2 — Migrate to a fixed release
- 4.1 — Migrate to a fixed release
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 6.5 and earlier: migrate to a fixed Nexus Dashboard release.
- Release 3.1: migrate to a fixed release.
- Release 3.2: migrate to a fixed release.
- Release 4.1: migrate to a fixed release.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.