CVE-2026-20191
HighCVSS 7.5Exploitation Probability (EPSS)
Elevated risk51th percentile — higher than 51% of all known CVEs
Summary
A vulnerability in Cisco Catalyst Center allows an unauthenticated, remote attacker to read arbitrary files from a restricted container. The issue is due to insufficient validation of user-supplied input.
Risk Assessment
An attacker could access sensitive data stored in the container, potentially leading to information disclosure and network security compromise.
Recommendation
Apply the update provided by Cisco for Cisco Catalyst Center immediately. Until then, restrict access to the management interface.
Original NVD description (English source)
A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device.

