CVE-2026-20169
Received Received - Intake
Authenticated Remote Command Execution in Cisco IoT Field Network Director

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20169
EUVD
EUVD-2026-27854
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco iot_field_network_director *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the web-based management interface of Cisco IoT Field Network Director. It allows an authenticated remote attacker with low privileges to exploit insufficient input validation of user-supplied data.

By submitting specially crafted input through the interface, the attacker could gain the ability to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.

Impact Analysis

The impact of this vulnerability includes unauthorized access to files and execution of commands on a remote router, which could compromise the integrity and confidentiality of the device.

An attacker with low privileges could manipulate files or execute commands, potentially disrupting network operations or gaining further access within the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20169. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart