www.securityweek.com 3/12/2026, 10:38:45 AM

Cisco Patches High-Severity IOS XR Vulnerabilities


Cisco has released its semiannual IOS XR software security advisory bundle, detailing four high-severity vulnerabilities. The two most severe, CVE-2026-20040 and CVE-2026-20046, carry a CVSS score of 8.8 and could allow an attacker to execute arbitrary commands as root or elevate privileges to administrator via CLI command handling. CVE-2026-20040 stems from insufficient validation of user-supplied arguments to certain CLI commands, which lets a low-privileged attacker supply crafted commands at the prompt.

CVE-2026-20046 involves a CLI command that is mis-mapped to task groups, allowing privilege escalation and actions without proper authorization checks. Of the other two high-severity flaws, CVE-2026-20074 (CVSS 7.4) affects IS-IS multi-instance routing and could let an unauthenticated, adjacent attacker restart the IS-IS process, while CVE-2026-20118 (CVSS 6.8) concerns EPNI Aligner interrupt handling and could cause persistent heavy packet loss and a denial of service through crafted packets. Cisco notes that fixes are available for all four and says it is not aware of any exploitation in the wild.


Article by CyberSIXT