CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerability
CVSS Score
6.4
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
| CWE | CWE-77 |
| Vendor | cisco |
| Product | cisco iot field network director (iot-fnd) |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | May 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco iot field network director (iot-fnd)
Be the first to know when new medium vulnerabilities affecting cisco cisco iot field network director (iot-fnd) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Cisco / Cisco IoT Field Network Director (IoT-FND)
4.5.1 4.4.3 4.1.0 4.1.3 4.6.1 4.1.1 4.4.0 4.2.0 4.4.2 4.3.0 4.6.0 4.4.4 4.3.2 4.1.2 4.4.1 4.5.0 4.3.1 4.7.0 4.6.2 4.7.1 4.7.2 4.8.0 4.8.1 4.9.0 4.9.1 4.10.0 4.9.2 4.11.0 4.12.0 4.12.1