CVE Catalog

CVE-2026-20191

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.76%

51th percentile — higher than 51% of all known CVEs

Summary

A vulnerability in Cisco Catalyst Center allows an unauthenticated, remote attacker to read arbitrary files from a restricted container. The issue is due to insufficient validation of user-supplied input.

Risk Assessment

An attacker could access sensitive data stored in the container, potentially leading to information disclosure and network security compromise.

Recommendation

Apply the update provided by Cisco for Cisco Catalyst Center immediately. Until then, restrict access to the management interface.

Original NVD description (English source)

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.  This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS