CVE-2026-20041 MEDIUM

CVE-2026-20041: Cisco Nexus Dashboard Server Side Request Forgery Vulnerability

Vendor: Cisco
Product: Cisco Nexus Dashboard
Weakness: CWE-918 · SSRF
Published: April 1, 2026
Last update: April 1, 2026

CVSS base score

6.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

Key dates

02 Disclosure timeline

April 1, 2026 CVE published
April 1, 2026 Record updated