Description
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.

This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.
Published: 2026-03-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability is a local privilege escalation flaw in the CLI of Cisco IOS XR software that permits an authenticated low‑privileged user to execute arbitrary commands as root on the device's underlying operating system. It arises from insufficient validation of user‑supplied arguments to certain CLI commands, as described in the vendor advisory. Successful exploitation allows full root access, compromising confidentiality, integrity, and availability of the device.

Affected Systems

Affected products include Cisco IOS XR software. Specific version information was not disclosed in the provided data; therefore administrators should refer to Cisco's security advisory for a full list of vulnerable releases. All installations of Cisco IOS XR exposed to the vulnerable CLI commands are potentially impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score is under 1%, suggesting a low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires local authentication to the device and the ability to craft CLI commands; no remote code execution or elevated privileges are required beyond the local account. Administrators should assess the presence of low-privileged accounts and the exposure of the affected CLI commands to gauge risk.

Generated by OpenCVE AI on March 17, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco IOS XR software patch or upgrade to a revision that resolves the CLI privilege escalation bug as provided by Cisco.
  • If no patch is currently available, enforce strict local account permissions and disable or restrict the vulnerable CLI commands.
  • Monitor CLI usage and audit logs for suspicious or unexpected command execution that could indicate exploitation.
  • Verify device firmware versions against Cisco’s security advisory and keep an inventory of all Cisco IOS XR devices to enable rapid response.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type                 Values Removed    Values Added
First Time appeared                    Cisco; Cisco ios Xr Software
Vendors & Products                     Cisco; Cisco ios Xr Software

Wed, 11 Mar 2026 18:15:00 +0000

Type       Values Removed    Values Added
Metrics                      ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 17:00:00 +0000

Type          Values Removed    Values Added
Description                     A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.
Title                           Cisco IOS XR Software CLI Privilege Escalation Vulnerability
Weaknesses                      CWE-78
References
Metrics                         cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-12T03:55:35.692Z

Reserved: 2025-10-08T11:59:15.354Z

Link: CVE-2026-20040

Vulnrichment

Updated: 2026-03-11T17:14:26.684Z

NVD

Status : Awaiting Analysis

Published: 2026-03-11T17:16:54.747

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-20040

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:30:32Z

Weaknesses