PT-2026-35723 · Cisco · Intersight Device Connector For Nutanix Prism Central

Published: 2026-04-28 · Updated: 2026-05-18 · CVE-2026-5944

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Cisco Intersight Device Connector for Nutanix Prism Central (affected versions not specified)

Description

An improper access control issue exists where a service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the deployment environment's network scope without authentication. An unauthenticated attacker can send crafted requests to this endpoint to enumerate cluster metadata, such as virtual machine information and cluster configuration details. Although the API mainly supports read-only operations, it allows the invocation of certain cluster maintenance workflows. Successful exploitation could disrupt active workloads, resulting in a loss of service availability, though it does not permit persistent configuration changes or access to credentials and sensitive user data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
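With no fixed version listed, defenders can measure exposure by checking which hosts actually reach TCP port 7373. The following is an added example, not part of the original advisory or any Cisco or Nutanix tooling: it audits flow records for TCP connections to port 7373 from sources outside an approved management range. The log format, the allowlisted range, and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

PASSTHROUGH_PORT = 7373  # TCP port named in the advisory

# Assumption: networks that legitimately reach the connector (placeholder range).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed sample records: "<time> <src> <sport> <dst> <dport> <proto> <action>"
SAMPLE_FLOWS = """\
2026-05-01T08:00:01Z 10.20.0.5 51514 10.20.1.10 7373 tcp ACCEPT
2026-05-01T08:02:17Z 10.30.4.77 40022 10.20.1.10 7373 tcp ACCEPT
2026-05-01T08:02:19Z 10.30.4.77 40023 10.20.1.10 7373 tcp ACCEPT
2026-05-01T08:03:40Z 10.30.4.77 40100 10.20.1.10 443 tcp ACCEPT
2026-05-01T08:05:02Z 192.0.2.44 33001 10.20.1.10 7373 tcp DROP
2026-05-01T08:06:00Z 10.40.9.3 49000 10.20.1.10 7373 udp ACCEPT
truncated-line 10.30.4.77
"""

def is_allowed(src):
    return any(src in net for net in ALLOWED_SOURCES)

def audit_flows(text):
    """Return {(src, dst): {"accepted", "blocked", "first", "last"}} for TCP
    flows to PASSTHROUGH_PORT whose source is outside ALLOWED_SOURCES."""
    findings = defaultdict(
        lambda: {"accepted": 0, "blocked": 0, "first": None, "last": None})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip malformed or truncated records
        ts, src, _sport, dst, dport, proto, action = parts
        if proto.lower() != "tcp" or dport != str(PASSTHROUGH_PORT):
            continue
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparseable source address
        if is_allowed(src_ip):
            continue
        entry = findings[(src, dst)]
        entry["accepted" if action == "ACCEPT" else "blocked"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
    return dict(findings)

if __name__ == "__main__":
    for (src, dst), e in sorted(audit_flows(SAMPLE_FLOWS).items()):
        status = "REACHABLE" if e["accepted"] else "blocked"
        print(f"{status:9} {src} -> {dst}:{PASSTHROUGH_PORT} accepted={e['accepted']} "
              f"blocked={e['blocked']} {e['first']} .. {e['last']}")
```

Any source reported as REACHABLE has an accepted path to the unauthenticated endpoint and is a candidate for a tighter network ACL.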

Weakness Enumeration

Missing Authorization

Missing Authentication

Related Identifiers

CVE-2026-5944

Affected Products

Intersight Device Connector For Nutanix Prism Central