Remote Command Execution Vulnerability in Cisco ThousandEyes Virtual Appliance
CVE-2026-20199

4.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Thousandeyes Enterprise Agent
Vendor: CVE Published:; 20 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20199?

A security flaw exists in the SSL certificate handling process of the Cisco ThousandEyes Virtual Appliance. This vulnerability permits an authenticated, remote attacker to execute operations on the underlying operating system with root privileges. The issue stems from inadequate validation of content supplied by the user. An attacker, possessing valid administrative credentials, could exploit this weakness by uploading a maliciously crafted certificate to the affected device, potentially leading to arbitrary code execution.

Affected Version(s)

Cisco ThousandEyes Enterprise Agent

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 20, 2026
Vulnerability published
May 20, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20199 Data

JSON