CVE-2026-20161

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

CVSS 5.5 MEDIUMEPSS 0.1%CWE-59

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Apr 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Cisco · Cisco ThousandEyes Enterprise Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU