CVE-2026-20191
HIGHCisco Catalyst Center Arbitrary File Read Vulnerability
Title source: cnaDescription
A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device.
References (1)
Core 1
Core References
cisco-sa-catc-file-read-wLH2vf8X
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X
Scores
CVSS v3
7.5
EPSS
0.0076
EPSS Percentile
50.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (17)
Cisco/Cisco Catalyst Center
2.3.7.0-VA
Cisco/Cisco Catalyst Center
2.3.7.10-VA
Cisco/Cisco Catalyst Center
2.3.7.5-VA
Cisco/Cisco Catalyst Center
2.3.7.6-VA
Cisco/Cisco Catalyst Center
2.3.7.7-VA
Cisco/Cisco Catalyst Center
2.3.7.9-VA
Cisco/Cisco Catalyst Center
3.1.3
Cisco/Cisco Catalyst Center
3.1.3-VA
Cisco/Cisco Catalyst Center
3.1.5
Cisco/Cisco Catalyst Center
3.1.5-RevUp
... and 7 more
Published
Jul 01, 2026
Tracked Since
Jul 01, 2026