CVE-2026-20046
HIGH EPSS 3.9%
Published Mar 11, 20263mo ago · Modified Mar 12, 20263mo ago
8.8 CVSS 3.1
Published Mar 11, 2026 3mo ago
Last Modified Mar 12, 2026 3mo ago
Description
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
3.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.