Vulnerable Products:
The vulnerability described in CVE-2026-20040 affects Cisco IOS XR Software, regardless of device configuration.
The vulnerability described in CVE-2026-20046 affects Cisco IOS XRv 9000 Routers, regardless of device configuration.
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Products Confirmed Not Vulnerable:
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
IOS Software
IOS XE Software
NX-OS Software
Details:
The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.
Details about the vulnerabilities are as follows:
CVE-2026-20040: Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Bug ID(s): CSCwp84685 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp84685"], CSCwp27221 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp27221"], CSCwp30135...
24.1.1, 24.1.2, 24.2.1, 24.2.11, 24.2.2, 24.2.20, 24.2.21, 24.3.1, 24.3.2, 24.3.20, +106 more
Exploitability: AV:L, AC:L, PR:L, UI:N
Scope: S:C
Impact: C:H, I:H, A:H
8.8 / CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H