Command Injection Vulnerability in Cisco ThousandEyes Enterprise Agent
CVE-2026-20206

6.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 20 May 2026
Badges: 👾 Exploit Exists

What is CVE-2026-20206?

A security flaw in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could enable authenticated attackers to execute arbitrary commands on agents. The issue arises from inadequate input validation of user-supplied command arguments. After authenticating to the ThousandEyes SaaS, an attacker could submit specially crafted input in the affected parameters and potentially execute commands within the BrowserBot container with the privileges of the node user. This vulnerability highlights the importance of robust input validation and access controls in preventing unauthorized command execution.

Affected Version(s)

Cisco ThousandEyes Enterprise Agent Agent 5.0

Cisco ThousandEyes Enterprise Agent Agent 4.4.4

Cisco ThousandEyes Enterprise Agent Agent 4.4.3

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved