Local File Overwrite via CLI in Cisco ThousandEyes EA
CVE-2026-20161 Published on April 15, 2026

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.

NVD

Vulnerability Analysis

CVE-2026-20161 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2026-20161 has been classified to as an insecure temporary file vulnerability or weakness.


Products Associated with CVE-2026-20161

Want to know whenever a new CVE is published for Cisco Thousandeyes Enterprise Agent? stack.watch will email you.

Cisco Thousandeyes Enterprise Agent
 

Affected Versions

Cisco ThousandEyes Enterprise Agent: