Command Injection in Cisco ThousandEyes BrowserBot Agent
CVE-2026-20206 Published on May 20, 2026
Cisco ThousandEyes BrowserBot Command Injection Vulnerability
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed.
This vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user.
To exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests.
Vulnerability Analysis
CVE-2026-20206 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2026-20206 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2026-20206
Want to know whenever a new CVE is published for Cisco Thousandeyes Enterprise Agent? stack.watch will email you.
Affected Versions
Cisco ThousandEyes Enterprise Agent:- Version Agent 5.0 is affected.
- Version Agent 4.4.4 is affected.
- Version Agent 4.4.3 is affected.
- Version Agent 4.4.2 is affected.
- Version Agent 4.2 is affected.
- Version Agent 4.1 is affected.
- Version Agent 4.0 is affected.
- Version Agent 5.1 is affected.
- Version Agent 5.1.2 is affected.
- Version Agent 5.1.3 is affected.