CVE-2026-20046

high

Cisco

CVSS v3 Base Score

8.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 94% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: March 11, 2026 (63 days ago)

Last Modified: March 12, 2026

Vendor: Cisco

Source: NVD

Description

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks.

CWE

CWE-264

References

🔗 sec.cloudapps.cisco.com

CVE-2026-20046

Vulnerability Report

Description

CWE

References