Cisco Patches High-Severity File-Read Vulnerability in Catalyst Center
Cisco has disclosed a high-severity vulnerability (CVE-2026-20191) in its Catalyst Center platform, which could allow unauthenticated remote attackers to read arbitrary files from affected systems. The flaw, rated 7.5 on the CVSS scale, stems from improper input validation in the platform’s interface, enabling path-traversal attacks (CWE-22).
Exploiting the vulnerability requires sending a crafted HTTP request to a vulnerable instance, potentially granting access to sensitive files including configurations, credentials, or system data within a restricted container environment. While the flaw does not permit data modification or service disruption, it poses a significant confidentiality risk, as stolen files could facilitate further attacks or lateral movement in enterprise networks.
The issue affects Catalyst Center (formerly Cisco DNA Center), a centralized network management, automation, and policy enforcement tool used in enterprise environments. Both hardware appliances and virtual deployments including those on AWS, Microsoft Azure, and VMware ESXi are impacted, regardless of configuration.
Cisco has released patches for the vulnerability, with fixes available in:
- Catalyst Center 3.1.6 GSMU200
- VMware ESXi 2.3.7.11-VA GSMU100 (for 2.3.7)
- VMware ESXi 3.1.6 GSMU200 (for 3.1)
Versions earlier than 3.1 are unaffected. Cisco confirmed that no workarounds exist, making patching the only mitigation. The Cisco Product Security Incident Response Team (PSIRT) reported no evidence of active exploitation or public proof-of-concept exploits at the time of disclosure. However, the unauthenticated attack vector and low complexity of exploitation heighten risks for organizations with exposed or improperly segmented management interfaces.
The vulnerability was discovered internally during a Cisco Technical Assistance Center (TAC) support case investigation. While no attacks have been observed, security experts warn that the flaw could be exploited by threat actors targeting unpatched systems.
Source: https://cybersecuritynews.com/cisco-catalyst-center-vulnerability-attackers/
Cisco TPRM report: https://www.rankiteo.com/company/cisco
"id": "cis1783002468",
"linkid": "cisco",
"type": "Vulnerability",
"date": "7/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology/Networking',
'name': 'Cisco',
'type': 'Corporation'}],
'attack_vector': 'Remote',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Configurations, credentials, '
'system data'},
'description': 'Cisco has disclosed a high-severity vulnerability '
'(CVE-2026-20191) in its Catalyst Center platform, which could '
'allow unauthenticated remote attackers to read arbitrary '
'files from affected systems. The flaw stems from improper '
'input validation in the platform’s interface, enabling '
'path-traversal attacks (CWE-22). Exploiting the vulnerability '
'requires sending a crafted HTTP request to a vulnerable '
'instance, potentially granting access to sensitive files '
'including configurations, credentials, or system data within '
'a restricted container environment. While the flaw does not '
'permit data modification or service disruption, it poses a '
'significant confidentiality risk.',
'impact': {'data_compromised': 'Sensitive files (configurations, credentials, '
'system data)',
'operational_impact': 'Confidentiality risk; potential for further '
'attacks or lateral movement',
'systems_affected': 'Catalyst Center (hardware appliances and '
'virtual deployments)'},
'investigation_status': 'Vulnerability patched; no active exploitation '
'observed',
'post_incident_analysis': {'corrective_actions': 'Patches released for '
'affected versions',
'root_causes': 'Improper input validation in '
'Catalyst Center interface'},
'recommendations': 'Apply patches immediately; ensure proper network '
'segmentation for management interfaces.',
'references': [{'source': 'Cisco Security Advisory'}],
'response': {'communication_strategy': 'Public disclosure via Cisco PSIRT',
'containment_measures': 'Patching',
'remediation_measures': 'Released patches for affected versions'},
'title': 'Cisco Patches High-Severity File-Read Vulnerability in Catalyst '
'Center',
'type': 'Vulnerability Disclosure',
'vulnerability_exploited': 'CVE-2026-20191 (Path Traversal - CWE-22)'}