- 60/2026
- High
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting (XSS), conduct denial-of-service (DoS) attacks, execute arbitrary code or system commands, and escalate privileges to root on the underlying operating system, potentially resulting in full administrative control of the affected device.
Sample of addressed vulnerabilities:
1. Cisco IOS XR Software CLI Privilege Escalation Vulnerability (CVE-2026- 20040):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
2. Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability (CVE-2026-20074):
- CVSS: 7.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Cisco IOS XR Software and IOS XR Software with the enabled IS-IS multiinstance routing feature.
- Cisco Unified Intelligence Center and Cisco Finesse.
- Cisco IOS XRv 9000 Routers.
Vulnerabilities
- CVE-2026-20040
- CVE-2026-20046
- CVE-2026-20074
- CVE-2026-20116
- CVE-2026-20117
- CVE-2026-20118
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.