CVE-2026-20040 | Cisco IOS XR up to 25.4.1 CLI os command injection (cisco-sa-iosxr-privesc-bF8D5U4W)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability categorized as critical has been discovered in Cisco IOS XR. Affected is an unknown function of the component CLI. Executing a manipulation can lead to os command injection.

This vulnerability is registered as CVE-2026-20040. The attack needs to be launched locally. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-20040 | Cisco IOS XR up to 25.4.1 CLI os command injection (cisco-sa-iosxr-privesc-bF8D5U4W)

Post correlati

CVE-2026-2884 | D-Link DWR-M960 1.01.07 WAN Interface Setting formWanConfigSetup sub_41914C submit-url stack-based overflow

CVE-2024-25626 | Yocto Project poky up to 3.1.30/4.0.15/4.3.1 HTTP os command injection (GHSA-75xw-78mm-72r4)

CVE-2026-27701 | live-codes livecodes Title code injection

CVE-2024-3177 | Kubernetes kube-apiserver up to 1.27.12/1.28.8/1.29.3 Mountable Secrets Policy envFrom information disclosure