CVE-2026-20040
Analyzed Analyzed - Analysis Complete

Command Injection in Cisco IOS XR CLI Allows Root Execution

Vulnerability report for CVE-2026-20040, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-11

Last updated on: 2026-07-01

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-11
Last Modified
2026-07-01
Generated
2026-07-06
AI Q&A
2026-03-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
cisco ios_xr to 25.2.21 (exc)
cisco ios_xr From 25.3.1 (inc) to 25.4.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-20040 is a vulnerability in the command-line interface (CLI) of Cisco IOS XR Software that allows an authenticated local attacker with low privileges to execute arbitrary commands as the root user on the underlying operating system.'}, {'type': 'paragraph', 'content': 'This happens because the software does not properly validate user-supplied arguments passed to certain CLI commands. An attacker can craft malicious commands at the prompt to exploit this flaw.'}, {'type': 'paragraph', 'content': "Successful exploitation results in privilege escalation from a low-privileged account to root, giving the attacker full control over the device's operating system."}] [1]

Impact Analysis

This vulnerability can have a severe impact as it allows an attacker with only low-level access to escalate their privileges to root on the affected device.

With root privileges, the attacker can execute arbitrary commands on the underlying operating system, potentially leading to full control over the device.

This could compromise the confidentiality, integrity, and availability of the device and the network it supports.

Compliance Impact

I don't know

Detection Guidance

There are no specific detection commands or methods provided in the available information to identify exploitation or presence of this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, Cisco strongly recommends upgrading to fixed software releases starting from IOS XR 25.2.21, which address CVE-2026-20040.

There are no workarounds available for this vulnerability, so applying the fixed software updates is the primary mitigation step.

Customers should carefully evaluate any potential workarounds for impact before deployment, but none are officially provided for this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20040. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart