CVE-2026-20040

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description A flaw exists in the Command Line Interface (CLI) of Cisco IOS XR Software that could allow a local attacker with authentication to execute arbitrary commands as root on the underlying operating system. This is due to inadequate validation of user-supplied arguments passed to specific CLI commands. An attacker with limited privileges could exploit this by using specially crafted commands. Successful exploitation may lead to privilege escalation to root access and the ability to execute arbitrary commands on the operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.