CVE-2026-20167 HIGH

CVE-2026-20167: Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability

Vendor Cisco
Product Cisco IoT Field Network Director (IoT-FND)
Weakness CWE-284
Published May 6, 2026
Last update May 6, 2026
View on NVD All CVEs

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 6, 2026 Record updated