Root RCE via Cisco Nexus Dashboard Backup Auth Leak (CVE-2026-20042)
CVE-2026-20042 Published on April 1, 2026
Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.
This vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
Vulnerability Analysis
CVE-2026-20042 is exploitable over the network and requires user-level privileges. Its attack complexity is rated low. A successful exploit is rated as having a high impact on confidentiality and integrity and no impact on availability.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2026-20042
Affected Versions
Cisco Nexus Dashboard:
- Version 1.1(3e) is affected.
- Version 1.1(3c) is affected.
- Version 1.1(3d) is affected.
- Version 1.1(0d) is affected.
- Version 1.1(2i) is affected.
- Version 2.0(1b) is affected.
- Version 1.1(2h) is affected.
- Version 1.1(0c) is affected.
- Version 1.1(3f) is affected.
- Version 2.1(1d) is affected.
- Version 2.1(1e) is affected.
- Version 2.0(2g) is affected.
- Version 2.0(2h) is affected.
- Version 2.1(2d) is affected.
- Version 2.0(1d) is affected.
- Version 2.2(1h) is affected.
- Version 2.2(1e) is affected.
- Version 2.2(2d) is affected.
- Version 2.1(2f) is affected.
- Version 2.3(1c) is affected.
- Version 2.3(2b) is affected.
- Version 2.3(2c) is affected.
- Version 2.3(2d) is affected.
- Version 2.3(2e) is affected.
- Version 3.0(1f) is affected.
- Version 3.0(1i) is affected.
- Version 3.1(1k) is affected.
- Version 3.1(1l) is affected.
- Version 3.2(1e) is affected.
- Version 3.2(1i) is affected.
- Version 3.3(1a) is affected.
- Version 3.3(1b) is affected.
- Version 3.3(2b) is affected.
- Version 4.0(1i) is affected.
- Version 3.3(2g) is affected.
- Version 3.2(2f) is affected.
- Version 3.2(2g) is affected.
- Version 3.2(2m) is affected.
- Version 3.1(1n) is affected.
- Version 4.1(1g) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.