{"api_version":"1","generated_at":"2026-04-15T21:29:57+00:00","cve":"CVE-2026-20161","urls":{"html":"https://cve.report/CVE-2026-20161","api":"https://cve.report/api/cve/CVE-2026-20161.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-20161","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-20161"},"summary":{"title":"Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability","description":"A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.","state":"PUBLISHED","assigner":"cisco","published_at":"2026-04-15 17:17:03","updated_at":"2026-04-15 17:17:03"},"problem_types":["CWE-59","CWE-59 Improper Link Resolution Before File Access ('Link Following')"],"metrics":[{"version":"3.1","source":"psirt@cisco.com","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSSV3_1","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU","refsource":"psirt@cisco.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-20161","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20161","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 5.0","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 4.4.4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 4.4.3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 4.4.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 4.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 4.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 4.0","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 5.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco ThousandEyes Enterprise Agent","version":"affected Agent 5.1.2","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[{"source":"CNA","title":"","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-20161","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-15T16:54:35.119090Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-15T16:56:35.191Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Cisco ThousandEyes Enterprise Agent","vendor":"Cisco","versions":[{"status":"affected","version":"Agent 5.0"},{"status":"affected","version":"Agent 4.4.4"},{"status":"affected","version":"Agent 4.4.3"},{"status":"affected","version":"Agent 4.4.2"},{"status":"affected","version":"Agent 4.2"},{"status":"affected","version":"Agent 4.1"},{"status":"affected","version":"Agent 4.0"},{"status":"affected","version":"Agent 5.1"},{"status":"affected","version":"Agent 5.1.2"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device."}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"cvssV3_1"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-59","description":"Improper Link Resolution Before File Access ('Link Following')","lang":"en","type":"cwe"}]}],"providerMetadata":{"dateUpdated":"2026-04-15T16:03:43.769Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"cisco-sa-te-agentfilewrite-tqUw3SMU","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU"}],"source":{"advisory":"cisco-sa-te-agentfilewrite-tqUw3SMU","defects":["CSCwt14485"],"discovery":"INTERNAL"},"title":"Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability"}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2026-20161","datePublished":"2026-04-15T16:03:43.769Z","dateReserved":"2025-10-08T11:59:15.388Z","dateUpdated":"2026-04-15T16:56:35.191Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-15 17:17:03","lastModifiedDate":"2026-04-15 17:17:03","problem_types":["CWE-59","CWE-59 Improper Link Resolution Before File Access ('Link Following')"],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"20161","Ordinal":"1","Title":"Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vul","CVE":"CVE-2026-20161","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"20161","Ordinal":"1","NoteData":"A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.","Type":"Description","Title":"Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vul"}]}}}