{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-20191","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2025-10-08T11:59:15.395Z","datePublished":"2026-07-01T16:27:32.642Z","dateUpdated":"2026-07-01T17:25:09.294Z"},"containers":{"cna":{"title":"Cisco Catalyst Center Arbitrary File Read Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.&nbsp;\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read arbitrary files from a restricted container of the affected device."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catc-file-read-wLH2vf8X","name":"cisco-sa-catc-file-read-wLH2vf8X"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-catc-file-read-wLH2vf8X","discovery":"INTERNAL","defects":["CSCwt73509"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","type":"cwe","cweId":"CWE-22"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Catalyst Center","versions":[{"version":"2.3.7.0-VA","status":"affected"},{"version":"2.3.7.5-VA","status":"affected"},{"version":"2.3.7.6-VA","status":"affected"},{"version":"2.3.7.7-VA","status":"affected"},{"version":"2.3.7.9-VA","status":"affected"},{"version":"3.1.3","status":"affected"},{"version":"3.1.3-VA","status":"affected"},{"version":"2.3.7.10-VA","status":"affected"},{"version":"3.1.5","status":"affected"},{"version":"3.1.5-VA","status":"affected"},{"version":"3.1.5-VA on AWS","status":"affected"},{"version":"3.1.5-RevUp","status":"affected"},{"version":"3.1.6","status":"affected"},{"version":"3.1.6-VA","status":"affected"},{"version":"3.1.6-BETA","status":"affected"},{"version":"3.1.6-GSMU100","status":"affected"},{"version":"3.1.6-VA-GSMU100","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2026-07-01T16:27:32.642Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-20191","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-07-01T17:18:27.744122Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-07-01T17:25:09.294Z"}}]}}