VDB

CVE-2026-20046

CVE-2026-20046 PUBLISHED CVSS 8.800000190734863 HIGH

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.

EPSS 0.03% · 10.3th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.03%
10.3th percentile

Affected Products

VendorProductVersions
CiscoCisco IOS XR Software6.6.1, 6.5.1, 6.5.2

Exploit Intelligence

…and 2 more exploits

Timeline

  • Mar 11, 2026 CVE Published
  • Mar 11, 2026 PoC Published
  • Mar 11, 2026 PoC Published
  • Mar 11, 2026 PoC Published
  • Mar 12, 2026 EPSS Score
  • Mar 12, 2026 PoC Published
  • Mar 12, 2026 CVE Updated
  • Mar 12, 2026 PoC Published
  • Mar 12, 2026 PoC Published
  • Mar 12, 2026 PoC Published
  • Mar 12, 2026 PoC Published
  • Mar 12, 2026 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›