Insufficient Input Validation in Cisco IoT Field Network Director
CVE-2026-20169

6.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Iot Field Network Director (iot-fnd)
Vendor: CVE Published:; 6 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20169?

A vulnerability within the web-based management interface of Cisco IoT Field Network Director allows an authenticated remote attacker with limited privileges to access sensitive files and execute commands on a remote router. This issue stems from inadequate input validation of user-supplied data, making it possible for an attacker to exploit the vulnerability by entering specially crafted input via the management interface. If successfully exploited, the attacker could manipulate files—creating, reading, or deleting—and execute commands in user EXEC mode on the affected router.

Affected Version(s)

Cisco IoT Field Network Director (IoT-FND) 4.5.1

Cisco IoT Field Network Director (IoT-FND) 4.4.3

Cisco IoT Field Network Director (IoT-FND) 4.1.0

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 6, 2026
Vulnerability published
May 6, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20169 Data

JSON