Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities
Summary
Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system or gain full administrative control of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. A workaround is available for one of the vulnerabilities. This advisory is part of the March 2026 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and l…
- Scope: The vulnerability described in CVE-2026-20040 affects Cisco IOS XR Software, regardless of device configuration.
- 25.1 and earlier — Migrate to a fixed release
- Release 25.2 (first fixed: 25.2.21 (Mar 2026) / 25.2.2)
- 25.3 — Migrate to a fixed release / Not affected
- Release 25.4 (first fixed: 25.4.2 (Mar 2026) / Not affected)
- Release 26.1 (first fixed: Not affected)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 25.2.21 (Mar 2026) / 25.2.2
- 25.4.2 (Mar 2026) / Not affected
- Not affected
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 25.1 and earlier: migrate to a fixed release.
- Release 25.2: upgrade to 25.2.21 (Mar 2026) / 25.2.2.
- Release 25.3: migrate to a fixed release / Not affected.
- Release 25.4: upgrade to 25.4.2 (Mar 2026) / Not affected.
- Release 26.1: upgrade to Not affected.
- CVE-2026-20040: There are no workarounds that address this vulnerability.
- CVE-2026-20046: There is a workaround only for devices that have TACACS+ authentication, authorization, and accounting (AAA) command authorization configured. Administrators can use this feature to permit access only to commands that non-administrative users require and deny access to all other commands.
- While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer depl…
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.