
Cisco IOS XR Software Privilege Elevation Vulnerability

CVE-2026-20046
Summary

An attacker with a low-privileged account can use a specific CLI command to gain full administrative control of an affected device. This can happen when an authenticated user logs in with a lower-level account and uses that command to bypass the task group-based authorization checks. To protect your device, ensure that all users have the correct authorization and access levels, and regularly review and update your device's software to prevent exploitation.

Original title
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control ...
Original description
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device.

This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks.
NVD CVSS 3.1 score: 8.8
Vulnerability type
CWE-264 Permissions, Privileges, and Access Controls
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026