CVE-2026-20040 - Vulnerability Analysis

Jeff Hall - PCIGuru :verified:

@jbhall56

Mar 12, 2026

The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device. https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/

TheHackerWire

@thehackerwire

Mar 11, 2026

🟠 CVE-2026-20040 - High (8.8) A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validatio... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20040/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

AA

@AAKL

Mar 11, 2026

Four new high-risk vulnerabilities from Cisco: - CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN - CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK - CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W - CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability @cR0w