CVE-2026-20168

medium

Cisco

CVSS v3 Base Score

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: May 6, 2026 (7 days ago)

Last Modified: May 6, 2026

Vendor: Cisco

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access.

CWE

CWE-388

References

🔗 sec.cloudapps.cisco.com

CVE-2026-20168

Vulnerability Report

Description

CWE

References