Skip to main content

Cisco Catalyst Center CVE-2026-20191

| EUVDEUVD-2026-41078 HIGH
Path Traversal (CWE-22)
2026-07-01 psirt@cisco.com GHSA-46p9-p299-pr9p
7.5
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Unauthenticated crafted HTTP request (AV:N/AC:L/PR:N/UI:N) yields read-only file disclosure within one container, so C:H with I:N/A:N and S:U.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 17:37 vuln.today
CVE Published
Jul 01, 2026 - 17:16 nvd
HIGH 7.5

DescriptionCVE.org

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. 

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device.

AnalysisAI

Arbitrary file read in Cisco Catalyst Center lets an unauthenticated, remote attacker retrieve files from a restricted container by sending a crafted HTTP request that abuses insufficient input validation (path traversal, CWE-22). Rated CVSS 7.5 (confidentiality-only impact), it exposes sensitive container-side data without any credentials or user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Catalyst Center HTTP interface
Delivery
Send crafted request with traversal sequence
Exploit
Bypass path validation (CWE-22)
Execution
Read arbitrary files in restricted container
Impact
Exfiltrate sensitive container data

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to the affected Cisco Catalyst Center device's HTTP interface and the ability to send a crafted HTTP request - no authentication, no credentials, and no user interaction (AV:N/AC:L/PR:N/UI:N against default management services). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, 7.5) describes a network-reachable, low-complexity, unauthenticated read with high confidentiality impact but no integrity or availability effect - a realistic and easily automatable information-disclosure primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the Catalyst Center management interface sends a single crafted HTTP request containing path-traversal sequences targeting the vulnerable file-read endpoint, and the server returns the contents of files outside the intended directory within the restricted container. Because no authentication or user interaction is required and complexity is low, the request is trivially scriptable to harvest configuration, tokens, or other sensitive container data. …
Remediation Consult the Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X) and upgrade to the fixed Catalyst Center release Cisco specifies; no exact fixed version was included in the provided data, so pull the precise build directly from that advisory - Patch available per vendor advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 HOURS: Identify and document all Cisco Catalyst Center deployments in your environment; enable detailed HTTP request logging; establish baseline of normal access patterns. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-20191 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy