File Overwrite Vulnerability in Cisco ThousandEyes Enterprise Agent
CVE-2026-20161

5.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Thousandeyes Enterprise Agent
Vendor: CVE Published:; 15 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-20161?

A vulnerability has been identified in the CLI of Cisco ThousandEyes Enterprise Agent that could enable an authenticated, local attacker with limited privileges to overwrite arbitrary files on the system of an affected device. This issue arises from inadequate access controls that govern file permissions within the local file system. By placing a symbolic link in a designated location, an attacker may exploit this flaw to circumvent file system restrictions, potentially compromising system integrity. It's critical for users to be aware of this vulnerability and implement necessary mitigations.

Affected Version(s)

Cisco ThousandEyes Enterprise Agent Agent 5.0

Cisco ThousandEyes Enterprise Agent Agent 4.4.4

Cisco ThousandEyes Enterprise Agent Agent 4.4.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 15, 2026
Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20161 Data

JSON