CVE-2026-20046 - Vulnerability Analysis

Jeff Hall - PCIGuru :verified:

@jbhall56

Mar 12, 2026

The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device. https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/

TheHackerWire

@thehackerwire

Mar 11, 2026

🟠 CVE-2026-20046 - High (8.8) A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is du... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20046/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

AA

@AAKL

Mar 11, 2026

Four new high-risk vulnerabilities from Cisco: - CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN - CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK - CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W - CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability @cR0w