CVE-2026-5944
Published: 28 April 2026
Summary
CVE-2026-5944 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Cisco Intersight Device Connector. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 41.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-7 (Least Functionality).
Deeper analysis
CVE-2026-5944 is an improper access control vulnerability in the Cisco Intersight Device Connector for Nutanix Prism Central. The affected component exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without requiring authentication. This issue, associated with CWE-306 (Missing Authentication for Critical Function) and CWE-862 (Missing Authorization), carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) and was published on April 28, 2026.
An unauthenticated attacker with network access to the exposed endpoint can exploit this vulnerability by sending crafted requests. Exploitation enables enumeration of cluster metadata, including virtual machine information and cluster configuration details. Although the API primarily supports read-only operations, it also permits invocation of certain cluster maintenance workflows, potentially resulting in disruption of active workloads and loss of service availability. The vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data.
Nutanix has issued a security advisory detailing the vulnerability, available at https://download.nutanix.com/alerts/Security_Advisory_0046.pdf, along with related documentation on their portal (https://portal.nutanix.com/page/documents/list?type=software&filterKey=software&filterVal=Prism) and support site (https://www.nutanix.com/support). Practitioners should consult these resources for specific mitigation guidance and patch information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26048
Vulnerability details
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication.
An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes an unauthenticated network-accessible API endpoint, directly enabling exploitation of public-facing applications (T1190), system information discovery via cluster/VM metadata enumeration (T1082), cloud infrastructure discovery (T1580), and endpoint denial of service through invocation of disruptive maintenance workflows (T1499.004).
Mitigating Controls (NIST 800-53 r5)
Directly addresses the missing authentication for the API passthrough by requiring explicit authorization of any permitted actions without identification or authentication.
Prohibits or restricts unnecessary ports, protocols, and services like TCP 7373, preventing exposure of the vulnerable endpoint.
Monitors and controls communications at system boundaries to block network access to the unauthenticated endpoint and detect anomalous traffic.
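An added example (not from the advisory or the vendor) of the boundary-monitoring control described above: it audits flow records for TCP 7373 connections from sources outside a management allowlist and separates accepted from blocked attempts. The record format, addresses and allowlist are constructed assumptions.

```python
import ipaddress

VULN_PORT = 7373  # TCP port of the API passthrough endpoint named on this page

# Assumption: the only sources that should reach the connector (constructed value).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto action"
SAMPLE_FLOWS = """\
2026-04-29T08:01:12Z 10.20.0.5 10.30.1.10 7373 tcp ACCEPT
2026-04-29T08:03:40Z 10.40.7.22 10.30.1.10 7373 tcp ACCEPT
2026-04-29T08:03:41Z 10.40.7.22 10.30.1.10 7373 tcp ACCEPT
2026-04-29T08:04:02Z 10.40.7.22 10.30.1.10 443 tcp ACCEPT
2026-04-29T08:05:19Z 192.0.2.77 10.30.1.10 7373 tcp DROP
2026-04-29T08:06:00Z 10.40.9.3 10.30.1.11 7373 udp ACCEPT
malformed line
"""

def parse_flow(line):
    """Parse one record; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, port, proto, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "port": int(port),
                "proto": proto.lower(), "action": action.upper()}
    except ValueError:
        return None

def audit(flow_text, allowed=ALLOWED_SOURCES, port=VULN_PORT):
    """Count accepted/blocked TCP flows to `port` per (src, dst) from non-allowlisted sources."""
    findings = {}
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp" or flow["port"] != port:
            continue
        if any(flow["src"] in net for net in allowed):
            continue  # expected management traffic
        key = (str(flow["src"]), str(flow["dst"]))
        counts = findings.setdefault(key, {"accepted": 0, "blocked": 0})
        counts["accepted" if flow["action"] == "ACCEPT" else "blocked"] += 1
    return findings

if __name__ == "__main__":
    for (src, dst), c in sorted(audit(SAMPLE_FLOWS).items()):
        status = "REACHED ENDPOINT" if c["accepted"] else "blocked at boundary"
        print(f"{src} -> {dst}:{VULN_PORT} accepted={c['accepted']} blocked={c['blocked']} [{status}]")
```

Any pair with a non-zero accepted count means the unauthenticated endpoint was reachable from outside the allowlist, which is the exposure the port restriction and boundary controls are meant to close.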