CVE-2026-20191 – Cisco Catalyst Center

CVSS 7.5 IMPORTANT High with EoP or RCE – Expedited Deployment

“A single unchecked request can expose data that was never meant to be seen.”

Cisco has released a security update for a high-severity vulnerability in Cisco Catalyst Center. The vulnerability is caused by insufficient validation of user-supplied input and could allow an unauthenticated remote attacker to read arbitrary files from a restricted container by sending a crafted HTTP request.

CVE-2026-20191 has a CVSS score of 7.5, which is High severity. No verified real-world exploitation or public proof-of-concept has been confirmed. Applying the Cisco security update prevents unauthorized access to files within the affected restricted container.

Key Details

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-22
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.