CVE-2026-20206: Cisco ThousandEyes BrowserBot Command Injection Vulnerability

Published May 20, 2026
·
Updated

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed. This vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user. To exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests.

Affected Software

1 affected component
Cisco ThousandEyes Enterprise Agent

Event History

May 20, 2026
CVE Published
via MITRE·04:06 PM
Data Sourced
via MITRE·04:06 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·05:16 PM
DescriptionSeverityWeakness
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-20206?

CVE-2026-20206 is considered critical due to its potential for command injection by authenticated attackers.

2

How do I fix CVE-2026-20206?

To mitigate CVE-2026-20206, it is recommended to update to the latest version of Cisco ThousandEyes Enterprise Agent as per the vendor's security advisory.

3

What kind of attacks are possible with CVE-2026-20206?

CVE-2026-20206 allows authenticated, remote attackers to execute arbitrary commands on the affected Cisco ThousandEyes agents.

4

Which software is affected by CVE-2026-20206?

CVE-2026-20206 specifically affects the Cisco ThousandEyes Enterprise Agent software.

5

Who is at risk with CVE-2026-20206?

Organizations using the Cisco ThousandEyes Enterprise Agent are at risk of exploitation due to CVE-2026-20206.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203