Cisco Catalyst Center Vulnerability Allows Remote Attackers to Read Arbitrary Files
Key Takeaways Cisco has identified a high-severity vulnerability (CVE-2026-20191) in its Catalyst Center platform. The flaw allows unauthenticated remote attackers to read arbitrary files, posing a...
Key Takeaways
- Cisco has identified a high-severity vulnerability (CVE-2026-20191) in its Catalyst Center platform.
- The flaw allows unauthenticated remote attackers to read arbitrary files, posing a significant confidentiality risk.
- Affected systems include both hardware appliances and virtual deployments across various platforms.
- Patches are available in specific software updates for Catalyst Center 3.1.6 GSMU200 and VMware ESXi versions.
Cisco Catalyst Center Vulnerability Uncovered
Cisco has issued a critical alert regarding a high-severity vulnerability within its Catalyst Center platform. This flaw could enable unauthenticated remote attackers to gain unauthorized access and read arbitrary files from affected systems, raising significant concerns about data confidentiality.
Table Of Content
Technical Details of CVE-2026-20191
Designated as CVE-2026-20191, this security weakness carries a CVSS score of 7.5, classifying it as a high-severity issue. The vulnerability falls under CWE-22, indicating a path-traversal defect. This stems from inadequate validation of user-supplied input within the Catalyst Center’s interface, as detailed in the Cisco Security Advisory.
Exploitation involves an attacker sending a specially crafted HTTP request to a vulnerable instance. If successful, this allows the attacker to bypass container environment restrictions and access sensitive files residing on the compromised device.
Impact on Cisco Catalyst Center Deployments
Cisco Catalyst Center, formerly known as Cisco DNA Center, serves as a crucial component for centralized network management, automation, and policy enforcement in enterprise networks. The vulnerability impacts all deployment types, including hardware appliances and virtual instances running on AWS, Microsoft Azure, and VMware ESXi platforms, regardless of their specific configurations.
While the flaw does not facilitate data modification or service disruption, the capability to read arbitrary files presents a substantial risk to data confidentiality. Attackers could potentially exfiltrate critical configuration files, authentication credentials, or other sensitive system data. Such information could then be leveraged for further malicious activities, including lateral movement within an organization’s network infrastructure.
Patches and Mitigation
Cisco has confirmed that no workarounds are currently available to mitigate this vulnerability. Consequently, organizations operating affected versions are urged to apply the provided software updates immediately. The vulnerability has been addressed in Catalyst Center 3.1.6 GSMU200, and for VMware ESXi deployments, fixes are available in 2.3.7.11-VA GSMU100 (for 2.3.7) and 3.1.6 GSMU200 (for 3.1). Versions prior to 3.1 are not affected by this specific issue.
The Cisco Product Security Incident Response Team (PSIRT) has stated that there is no current evidence of active exploitation in the wild, nor have any public proof-of-concept exploits or attack campaigns been reported at the time of disclosure. The vulnerability was discovered internally during an investigation into a Cisco Technical Assistance Center support case.
Despite the absence of observed attacks, security experts caution that the unauthenticated nature of this vulnerability, combined with the simplicity of crafting HTTP requests for exploitation, significantly lowers the barrier for potential attackers. Organizations with internet-exposed Catalyst Center interfaces or inadequately segmented management networks are particularly susceptible.
What You Should Do
- Immediately apply the available software updates: Catalyst Center 3.1.6 GSMU200, and for VMware ESXi, 2.3.7.11-VA GSMU100 (for 2.3.7) or 3.1.6 GSMU200 (for 3.1).
- Restrict external access to Catalyst Center interfaces to only trusted internal networks.
- Monitor network logs diligently for any suspicious HTTP requests targeting file access paths on your Catalyst Center instances.
- Implement robust network segmentation to isolate management interfaces and critical infrastructure from less secure network segments.
- Conduct regular security audits of your Catalyst Center deployments and associated network configurations.
Download Free Microsoft Vulnerabilities Report 2026
– A The latest Microsoft Vulnerabilities data, analyzed.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


No Comment! Be the first one.