CVE-2026-20040 - Vulnerability Details

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W

History

Wed, 11 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Mar 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.
Title		Cisco IOS XR Software CLI Privilege Escalation Vulnerability
Weaknesses		CWE-78
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-03-11T16:31:14.292Z

Updated: 2026-03-11T17:20:21.775Z

Reserved: 2025-10-08T11:59:15.354Z

Link: CVE-2026-20040

Vulnrichment

Updated: 2026-03-11T17:14:26.684Z

NVD

Status : Received

Published: 2026-03-11T17:16:54.747

Modified: 2026-03-11T17:16:54.747

Link: CVE-2026-20040

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object