Cisco Patches High-Severity IOS XR Vulnerabilities

The security defects could lead to denial-of-service (DoS) conditions, command execution, or device takeover.

By Ionut Arghire | March 12, 2026 (6:25 AM ET)

Cisco on Wednesday published its semiannual IOS XR software security advisory bundle, which includes three advisories detailing four high-severity vulnerabilities.

The most severe of these issues are CVE-2026-20040 and CVE-2026-20046 (CVSS score of 8.8), two bugs that could be exploited to execute arbitrary commands as root or gain administrative control of a device.

CVE-2026-20040 exists because user arguments passed to specific CLI commands are not sufficiently validated, allowing a low-privileged attacker to supply crafted commands at the prompt.

“A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system,” Cisco explains in its advisory.

CVE-2026-20046 impacts the task group assignment for a specific CLI command and exists because the command is incorrectly mapped to task groups within the source code. This allows an unprivileged attacker to bypass the task group-based checks via CLI commands, elevate their privileges to administrator, and perform actions without authorization checks.

On Wednesday, Cisco also announced patches for CVE-2026-20074 (CVSS score of 7.4), a bug in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of IOS XR that could be exploited to restart the IS-IS process.

Insufficient input validation of ingress IS-IS packets could allow an unauthenticated, adjacent attacker to send crafted packets to a vulnerable device to cause the IS-IS process to restart, thus causing a denial-of-service (DoS) condition.
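The two CLI bugs above belong to well-known classes: a CLI argument reaching a privileged shell without validation, and a privileged command bound to the wrong authorization group. The following Python model is an added illustration of both classes and of the corresponding defensive checks; it is not Cisco's code and is not derived from the advisories. The command names, task-group names, and the hostname allowlist pattern are constructed for the example, and no command is ever executed.

```python
"""Constructed model of two CLI authorization/validation bug classes.

Part 1: task-group authorization with a mis-mapped command (compare the
broken and fixed tables).  Part 2: a CLI argument that is concatenated into
a shell string versus one that is allowlisted and passed as an argv list.
Nothing here runs a real command; the builders only return what *would*
be executed.
"""
import re

# ---- Part 1: task-group based authorization --------------------------------
# Hypothetical command -> allowed task groups.  In the broken table the
# privileged "reload" command is mapped to the low-privilege "operator"
# group as well, so the authorization check passes for ordinary users.
BROKEN_TASK_MAP = {
    "show interfaces": {"operator", "admin"},
    "reload": {"operator", "admin"},  # mis-mapped: should be admin only
}
FIXED_TASK_MAP = {
    "show interfaces": {"operator", "admin"},
    "reload": {"admin"},
}


def authorize(task_map, user_groups, command, default_allow=False):
    """Return True if any of the user's task groups may run `command`.

    A command that is missing from the table is denied unless the caller
    explicitly opts into a permissive default; default-deny is the safe
    setting, since an unmapped privileged command would otherwise be open.
    """
    allowed = task_map.get(command)
    if allowed is None:
        return default_allow
    return bool(allowed & set(user_groups))


# ---- Part 2: CLI argument validation ---------------------------------------
# Hypothetical allowlist for a hostname/IP argument: alphanumerics, dots
# and hyphens only.  Shell metacharacters, whitespace and quotes are rejected
# before the value gets anywhere near a privileged process.
TARGET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$")
SHELL_METACHARS = set(";|&$`\n\"'<>(){}")


def validate_target(arg):
    """True only if `arg` matches the allowlist pattern."""
    return TARGET_RE.fullmatch(arg) is not None


def has_shell_metachars(s):
    """Diagnostic: does the string contain characters a shell interprets?"""
    return any(ch in SHELL_METACHARS for ch in s)


def build_ping_unsafe(arg):
    """Vulnerable pattern: the raw argument is spliced into a shell string.

    If this string were handed to a root shell, a separator inside `arg`
    would turn the tail of the argument into a second command.
    """
    return f"ping -c 1 {arg}"


def build_ping_safe(arg):
    """Hardened pattern: allowlist first, then an argv list with no shell.

    Raises ValueError on anything outside the allowlist, so the privileged
    execution path is never reached with a suspicious value.
    """
    if not validate_target(arg):
        raise ValueError(f"rejected CLI argument: {arg!r}")
    return ["ping", "-c", "1", arg]


def run_cli(task_map, user_groups, command, arg):
    """Combine both checks the way a hardened CLI dispatcher would.

    Returns ("denied", reason) or ("ok", argv) without executing anything.
    """
    if not authorize(task_map, user_groups, command):
        return ("denied", "task group check failed")
    try:
        return ("ok", build_ping_safe(arg))
    except ValueError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    print(authorize(BROKEN_TASK_MAP, ["operator"], "reload"))   # True (bug)
    print(authorize(FIXED_TASK_MAP, ["operator"], "reload"))    # False
    print(has_shell_metachars(build_ping_unsafe("host1; id")))  # True
    print(run_cli(FIXED_TASK_MAP, ["operator"], "show interfaces", "host1"))
```

The point of `run_cli` is ordering: the task-group check runs before any argument handling, and the argument is validated against an allowlist before an argv list is built, so a mis-mapped command or a permissive default is the only way a low-privilege user reaches the privileged path, which is exactly the configuration the broken table models.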
The fourth high-severity bug addressed in IOS XR this month is CVE-2026-20118 (CVSS score of 6.8), which impacts the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt. The corruption of packets when an EPNI Aligner interrupt is triggered during heavy transit traffic could allow an attacker to cause persistent, heavy packet loss and a DoS condition by sending a continuous flow of crafted packets to a vulnerable device.

Fixes are available for all these vulnerabilities, and Cisco notes that it is not aware of any of them being exploited in the wild.

On Wednesday, the tech giant also patched two medium-severity flaws in Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center that could be exploited by remote, unauthenticated attackers to mount XSS attacks.

Related: Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited
Related: Cisco Patches Critical Vulnerabilities in Enterprise Networking Products
Related: Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers
Related: Cisco, F5 Patch High-Severity Vulnerabilities

Written By Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.
Cisco has patched four high-severity IOS XR vulnerabilities, including CVE-2026-20040 (CVSS 8.8) and CVE-2026-20046 (CVSS 8.8), which allow low-privileged CLI users to execute arbitrary commands as root or gain administrative control due to insufficient input validation and incorrect task group mapping. Another flaw, CVE-2026-20074 (CVSS 7.4), enables an adjacent attacker to cause a DoS by sending crafted IS-IS packets to restart the routing process. Cisco has released fixes for these vulnerabilities and is not aware of active exploitation.