LeakyCreds

CVE-2026-20046 - Vulnerability Analysis

High (CVSS: 8.8)

Last Updated: March 11, 2026

Cisco IOS XR Software - Privilege Escalation

Published: March 11, 2026
Updated: March 11, 2026

Overview

Cisco IOS XR Software contains a privilege escalation vulnerability caused by incorrect task group assignment for a specific CLI command. It lets authenticated local attackers gain full administrative control of the device. Exploitation requires access to a low-privileged account.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 2.2% (Probability of exploitation in next 30 days)

Impact

Authenticated local attackers can gain full administrative control, compromising device security and management.

Mitigation

Update to the latest Cisco IOS XR Software version with the fix applied.

Social Media Activity (1 post)

Jeff Hall - PCIGuru :verified:
@jbhall56
Mar 12, 2026

The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device. https://www.securityweek.com/cisco-patches-high-severity-ios-xr-vulnerabilities-2/

Details

CVE ID: CVE-2026-20046
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: new
EPSS: 2.2%
Social Posts: 1

CWE

  • CWE-264

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

2.2% (Probability of exploitation in the next 30 days)