Improper Access Control Vulnerability in Cisco Intersight Device Connector for Nutanix Prism Central
CVE-2026-5944
What is CVE-2026-5944?
An improper access control vulnerability permits unauthenticated network access to the Cisco Intersight Device Connector for Nutanix Prism Central via an exposed API passthrough endpoint on TCP port 7373. Attackers can leverage this flaw to send crafted requests and gather sensitive cluster metadata, including information on virtual machines and cluster configuration. Although the API is designed primarily for read-only operations, exploitation can disrupt ongoing workloads, affecting the availability of services in the deployment environment. The vulnerability does not lead to persistent system changes, but it poses a risk to overall service continuity.
Affected Version(s)
Cisco Intersight Device Connector for Prism Central 4.3.0 < 7.5.1
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved
