CVE-2026-20046

CWE-264CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.0%
top 91.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco IOS XR Software
Timeline
PublishedMar 11

Description

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the atta

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xr_software57 versions+56

🔴Vulnerability Details

2
CVEList
Cisco IOS XR Software CLI Privilege Escalation Vulnerability2026-03-11
GHSA
GHSA-jmg4-jjq9-vcrv: A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate p2026-03-11

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities2026-03-11
CVE-2026-20046 (HIGH CVSS 8.8) | A vulnerability in task group assig | cvebase.io