PT-2026-29564 · Cisco · Nexus Dashboard+1
Published: 2026-04-01 · Updated: 2026-04-01 · CVE-2026-20174
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions:
Cisco Nexus Dashboard Insights versions 6.5 and earlier, Nexus Dashboard unified images prior to fixed releases.
Description:
Insufficient validation of the metadata update file in the Metadata update feature allows an attacker with valid administrative credentials to upload a crafted metadata file and write arbitrary files to the underlying operating system as the root user. This can lead to data tampering, privilege escalation, or full system compromise. Both air-gapped and cloud-connected deployments are affected.
Recommendations:
Upgrade to the fixed Nexus Dashboard release per the Cisco advisory. Restrict administrative access and enforce strong credential controls. Disable or tightly control manual metadata update uploads where possible. Monitor for suspicious metadata upload activity and review system logs.
Fix
LPE
Path traversal
Affected Products
Cisco Nexus Dashboard Insights
Nexus Dashboard