Insufficient File Access Checks in Cisco IoT Field Network Director
CVE-2026-20168

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Iot Field Network Director (iot-fnd)
Vendor: CVE Published:; 6 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20168?

A vulnerability exists in the web-based management interface of Cisco IoT Field Network Director. This issue arises from insufficient checks on file access permissions, allowing authenticated, remote attackers with low privileges to manipulate crafted input. By exploiting this flaw, attackers may gain the ability to access files they are not authorized to read, posing a risk to sensitive data integrity and confidentiality.

Affected Version(s)

Cisco IoT Field Network Director (IoT-FND) 4.5.1

Cisco IoT Field Network Director (IoT-FND) 4.4.3

Cisco IoT Field Network Director (IoT-FND) 4.1.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 6, 2026
Vulnerability published
May 6, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20168 Data

JSON