CVE-2026-20206

Published: May 20, 2026

Modified: May 21, 2026

PUBLISHED

CVSS v3.1

6.3

MEDIUM

Description

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed. This vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user. To exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests.

Vendor	Product	Versions
Cisco	Cisco ThousandEyes Enterprise Agent	affected `Agent 5.0` affected `Agent 4.4.4` affected `Agent 4.4.3` affected `Agent 4.4.2` affected `Agent 4.2` +5 more versions

Weaknesses (CWE)

CWE-78

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

cisco-sa-tebbot-cmdinj-wN3yQ5gn

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-20206

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References