CVE-2026-20169 MEDIUM

CVE-2026-20169: Cisco IoT Field Network Director Command Injection Vulnerability

Vendor Cisco
Product Cisco IoT Field Network Director (IoT-FND)
Weakness CWE-77
Published May 6, 2026
Last update May 6, 2026

CVSS base score

6.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 6, 2026 Record updated