CVE-2026-5944: Cisco Intersight Connector Exposes Nutanix Prism Central API
The National Vulnerability Database (NVD) has detailed CVE-2026-5944, an improper access control vulnerability in the Cisco Intersight Device Connector for Nutanix Prism Central. This flaw exposes an API passthrough endpoint on TCP port 7373, accessible without authentication within the deployment’s network scope. Attackers can leverage this to enumerate cluster metadata, including virtual machine information and configuration details.
While the API primarily supports read-only operations, the NVD notes it also permits invoking certain cluster maintenance workflows. This means an unauthenticated attacker, with network access, can send crafted requests that go beyond simple data enumeration. The vulnerability does not allow persistent system configuration modification or direct access to credentials or sensitive user data.
However, successful exploitation could lead to significant disruption of active workloads and loss of service availability within the affected environment. The NVD assigns this vulnerability a CVSS score of 8.2 (HIGH), underscoring the severe impact on availability, despite limited confidentiality and integrity implications. This is a critical access control failure that needs immediate attention.
What This Means For You
- If your organization uses Cisco Intersight Device Connector for Nutanix Prism Central, you need to assess your network segmentation and access controls immediately. An unauthenticated attacker with internal network access can disrupt your Nutanix environment. Prioritize patching and ensure strict network isolation for management interfaces.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-5944: Unauthenticated Access to Nutanix Prism Central API via Cisco Intersight Connector
title: CVE-2026-5944: Unauthenticated Access to Nutanix Prism Central API via Cisco Intersight Connector
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
Detects unauthenticated GET requests to the '/nutanix/api/v1/cluster/metadata' endpoint on TCP port 7373, which is exposed by the Cisco Intersight Device Connector. This specific endpoint is known to be vulnerable in CVE-2026-5944, allowing attackers to enumerate cluster metadata without authentication.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-5944/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
dst_port:
- 7373
cs-uri:
- '/nutanix/api/v1/cluster/metadata'
cs-method:
- 'GET'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-5944 | Improper Access Control | Cisco Intersight Device Connector for Nutanix Prism Central |
| CVE-2026-5944 | Information Disclosure | API passthrough endpoint on TCP port 7373 |
| CVE-2026-5944 | DoS | Disruption of active workloads via cluster maintenance workflows |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 17:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Firefox ESR Sandbox Escape: Critical CVE-2026-7321 Demands Immediate Attention
CVE-2026-7321 — Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.
D-Link DIR-825M Buffer Overflow (CVE-2026-7289) Exposes Routers
CVE-2026-7289 — A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument...
D-Link DIR-825M Buffer Overflow (CVE-2026-7288) Publicly Disclosed
CVE-2026-7288 — A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the...