SB2026050714 - Multiple vulnerabilities in Cisco IoT Field Network Director

Security Bulletin ID SB2026050714

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 vulnerabilities.

1) Improper error handling (CVE-ID: CVE-2026-20167)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling in the web-based management interface. A remote user can cause a denial of service condition on the target system.

2) Path traversal (CVE-ID: CVE-2026-20168)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient file access checks in the web-based management interface. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

3) Command Injection (CVE-ID: CVE-2026-20169)

The vulnerability allows a remote attacker to execute arbitrary commands on the system.

The vulnerability exists due to insufficient input validation in the web-based management interface. A remote user can pass specially crafted data to the application and execute arbitrary commands.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u