By Abinaya
Publication Date: 2026-03-12 10:19:00
Cisco has issued a high-severity security advisory warning organizations about two critical privilege-escalation vulnerabilities in its IOS XR Software.
If exploited, these flaws could allow an authenticated, local attacker to execute arbitrary commands as root or gain full administrative control over affected routing devices.
Both vulnerabilities were discovered during internal security testing by Cisco, and the company has released official software updates to address the flaws.
The vulnerabilities operate independently, meaning an attacker does not need to exploit one to leverage the other.
Cisco IOS XR Software Vulnerability
CVE-2026-20040: Root Command Execution
Discovered by Tristan Van Egroo of Cisco’s Advanced Security Initiatives Group (ASIG), this vulnerability stems from insufficient validation of user arguments passed to specific Command-Line Interface (CLI) commands.
An attacker…