Cisco IOS XR Software CLI Privilege Escalation Vulnerability
Summary
| CVE | CVE-2026-20046 |
|---|---|
| State | PUBLISHED |
| Assigner | cisco |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-11 17:16:55 UTC |
| Updated | 2026-07-01 17:10:13 UTC |
| Description | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.001350000 probability, percentile 0.033060000 (date 2026-07-04)
Problem Types: CWE-264 | CWE-264 Permissions, Privileges, and Access Control
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | CNA | CVSSV3_1 | 8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
ChangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Cisco | Ios Xr | All | All | All | All |
| Hardware | Cisco | Ios Xrv 9000 | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Cisco | Cisco IOS XR Software | affected 6.6.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.5.3 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.0.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.5.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.5.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.6.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.6.25 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.1.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.0.90 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.6.3 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.0.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.1.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.2.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 6.6.4 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.3.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.4.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.2.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.3.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.5.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.6.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.5.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.3.4 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.3.3 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.4.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.7.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.6.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.8.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.7.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.9.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.8.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.5.4 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.8.22 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.10.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.7.21 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.9.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.5.5 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.11.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.10.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.3.6 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.1.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.11.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.2.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.1.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.3.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.4.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.2.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 7.11.21 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.2.20 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.3.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.4.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 25.1.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.3.20 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 25.2.1 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 25.1.2 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.3.30 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 24.2.21 | Not specified |
| CNA | Cisco | Cisco IOS XR Software | affected 25.1.30 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-... | [email protected] | sec.cloudapps.cisco.com | Mitigation, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
Exploits
CNA: The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
There are currently no legacy QID mappings associated with this CVE.