CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-20161

mediumcovered by 1 sourcefirst seen 2026-04-15
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU Security Impact Rating: Medium CVE: CVE-2026-20161

CSIRTS triage

What
A vulnerability in the CLI could allow an authenticated, local attacker to overwrite arbitrary files.
Who is affected
Authenticated local users with low privileges on affected devices.
Urgency
Remediation is necessary as it allows file system permission bypass.
Action
Update to the latest software version.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-20161

Get an email if CVE-2026-20161 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-20161

CVE.org record

Embed the live status

CVE-2026-20161 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-20161 status](https://www.csirts.com/badge/CVE-2026-20161)](https://www.csirts.com/cve/CVE-2026-20161)