PatchSiren cyber security CVE debrief
CVE-2026-5944 Nutanix CVE debrief
An improper access control vulnerability in the Cisco Intersight Device Connector for Nutanix Prism Central exposes an unauthenticated API passthrough endpoint on TCP port 7373. The affected versions span 4.3.0 through 7.5.0. An unauthenticated attacker with network access can enumerate cluster metadata including virtual machine information and cluster configuration details, and may invoke certain cluster maintenance workflows. While the vulnerability does not permit persistent configuration changes or credential access, successful exploitation can disrupt active workloads and impact service availability. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, low confidentiality impact, no integrity impact, and high availability impact. The vulnerability was published on 2026-04-28 and last modified on 2026-05-18. No known exploitation in the wild has been confirmed (E:U in CVSS vector).
- Vendor
- Nutanix
- Product
- Cisco Intersight Device Connector for Prism Central
- CVSS
- MEDIUM 6.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-28
- Original CVE updated
- 2026-05-18
- Advisory published
- 2026-04-28
- Advisory updated
- 2026-05-18
Who should care
Organizations running Cisco Intersight Device Connector for Nutanix Prism Central versions 4.3.0-7.5.0, particularly those with network segments where TCP port 7373 is reachable by untrusted hosts. Infrastructure teams managing Nutanix Prism Central clusters and security teams responsible for network segmentation and access control validation.
Technical summary
The Cisco Intersight Device Connector for Nutanix Prism Central versions 4.3.0 through 7.5.0 exposes an API passthrough endpoint on TCP port 7373 without authentication. The endpoint allows read-only enumeration of cluster metadata and invocation of certain cluster maintenance workflows. Exploitation requires network access to the deployment environment. Impact is limited to availability disruption through workload interference; no persistent modification or credential access is possible.
Defensive priority
medium
Recommended defensive actions
- Review network segmentation to restrict access to TCP port 7373 on affected Cisco Intersight Device Connector deployments
- Apply vendor-provided patches or updates per Nutanix Security Advisory 0046
- Monitor for unauthorized enumeration requests to the API passthrough endpoint
- Validate that cluster maintenance workflows require appropriate authentication controls
- Assess workload availability impact in environments where the connector is deployed
Evidence notes
Vulnerability description and CVSS scoring derived from NVD record. Affected version range confirmed via CPE criteria in source metadata. CWE-306 (Missing Authentication for Critical Function) and CWE-862 (Missing Authorization) identified as associated weaknesses. Third-party advisory reference provided by Nutanix.
Official resources
-
CVE-2026-5944 CVE record
CVE.org
-
CVE-2026-5944 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
2ffdacf6-8681-47df-b023-4f11abd61c1d - Third Party Advisory
-
Mitigation or vendor reference
2ffdacf6-8681-47df-b023-4f11abd61c1d - Product, Third Party Advisory
-
Mitigation or vendor reference
2ffdacf6-8681-47df-b023-4f11abd61c1d - Product, Third Party Advisory
public