CVE-2026-20040
Command Injection in Cisco IOS XR CLI Allows Root Execution
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xr_software | From 25.2.21 (inc) |
| cisco | ios_xrv_9000_routers | From 25.2.2 (inc) |
| cisco | ios_xr_software | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-20040 is a vulnerability in the command-line interface (CLI) of Cisco IOS XR Software that allows an authenticated local attacker with low privileges to execute arbitrary commands as the root user on the underlying operating system.'}, {'type': 'paragraph', 'content': 'This happens because the software does not properly validate user-supplied arguments passed to certain CLI commands. An attacker can craft malicious commands at the prompt to exploit this flaw.'}, {'type': 'paragraph', 'content': "Successful exploitation results in privilege escalation from a low-privileged account to root, giving the attacker full control over the device's operating system."}] [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows an attacker with only low-level access to escalate their privileges to root on the affected device.
With root privileges, the attacker can execute arbitrary commands on the underlying operating system, potentially leading to full control over the device.
This could compromise the confidentiality, integrity, and availability of the device and the network it supports.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided in the available information to identify exploitation or presence of this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Cisco strongly recommends upgrading to fixed software releases starting from IOS XR 25.2.21, which address CVE-2026-20040.
There are no workarounds available for this vulnerability, so applying the fixed software updates is the primary mitigation step.
Customers should carefully evaluate any potential workarounds for impact before deployment, but none are officially provided for this issue.