CVE-2026-20161
Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.
| CWE | CWE-59 |
| Vendor | cisco |
| Product | cisco thousandeyes enterprise agent |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Apr 15, 2026 |
| Last Updated | Apr 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco thousandeyes enterprise agent
Be the first to know when new medium vulnerabilities affecting cisco cisco thousandeyes enterprise agent are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Affected Versions
Cisco / Cisco ThousandEyes Enterprise Agent
Agent 5.0 Agent 4.4.4 Agent 4.4.3 Agent 4.4.2 Agent 4.2 Agent 4.1 Agent 4.0 Agent 5.1 Agent 5.1.2