CVE-2026-5944 · HIGH 8.2 · EPSS p40.7%


Description

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
EPSS: 0.53% probability of exploitation · percentile 40.7% · 2026-06-19T12:03:05Z
Published: 2026-04-28
Last modified: 2026-05-18

Underlying weaknesses · 2

CWE-306, CWE-862

References

  1. https://download.nutanix.com/alerts/Security_Advisory_0046.pdf
  2. https://portal.nutanix.com/page/documents/list?type=software&filterKey=software&filterVal=Prism
  3. https://www.nutanix.com/support


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authentication for Critical Function (cwe-306) | 0% | live |
| Weakness | Missing Authorization (cwe-862) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-5349
  2. CVE-2026-10622
  3. CVE-2026-9614
  4. CVE-2026-5786
  5. CVE-2026-20155
  6. CVE-2026-5788

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.