High7.5Cisco Updated
Cisco Catalyst Center Arbitrary File Read Vulnerability
cisco-sa-catc-file-read-wLH2vf8X Published Jul 1, 2026Updated by vendor Jul 1, 2026
CVE-2026-20191
Affected products & platforms
CiscoManagementCatalyst Center
Summary
A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.
Affected versions
- Scope: This vulnerability affects Cisco Catalyst Center, both virtual and hardware appliances, regardless of device configuration.
- Release 3.1 (first fixed: 3.1.6 GSMU200)
- Release 2.3.7 (first fixed: 2.3.7.11-VA GSMU100)
- Release 3.1 (first fixed: 3.1.6 GSMU200)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 3.1.6 GSMU200
- 2.3.7.11-VA GSMU100
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 3.1: upgrade to 3.1.6 GSMU200.
- Release 2.3.7: upgrade to 2.3.7.11-VA GSMU100.
- Release 3.1: upgrade to 3.1.6 GSMU200.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.